HELP_DECRYPT [Closed]

cryptowall

#1
marafi.b

Hello, 

I am not very good with computers, so I apologize if I'm not describing anything as clearly as I should be or I'm not using the correct terminology. Several months ago, I discovered that my laptop (SONY VAIO) wasn't booting. I would see the VAIO logo, a black screen, then it would restart and I would see the same logo, the same black screen over and over again. After googling it, I found out that you can hold F10 and it would fix the problem, so I did that. Then "VAIO Care" came up, and I didn't want to lose all of my data if I restored it, so I restarted the laptop. That solved the issue of my computer not booting up, but once I logged on, there was another issue. I was unable to open or play any of my music, videos, or pictures. I also noticed many files named "HELP_DECRYPT". I then found out (on Google) that I have been infected with a malware called cryptolocker. I also can't download iTunes, not sure if that problem is related to the malware or not. If someone could please help me with this, that would be greatly appreciated.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-09-2015
Ran by Marafi (administrator) on MARAFI-VAIO (14-09-2015 17:13:05)
Running from C:\Users\Marafi\Desktop
Loaded Profiles: boinc_master & Marafi (Available Profiles: boinc_master & Marafi)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(World Community Grid) C:\Program Files (x86)\BOINC\boinc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Space Sciences Laboratory) C:\Program Files (x86)\BOINC\boinctray.exe
(World Community Grid) C:\Program Files (x86)\BOINC\boincmgr.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Google Inc.) C:\Users\Marafi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marafi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marafi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marafi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marafi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marafi\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Marafi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marafi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marafi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marafi\AppData\Local\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Google Inc.) C:\Users\Marafi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marafi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marafi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marafi\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Users\Marafi\AppData\Local\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Apple Inc.) C:\Users\Marafi\Downloads\iTunes6464Setup.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Google Inc.) C:\Users\Marafi\AppData\Local\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Marafi\AppData\Local\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-08] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2284328 2011-02-15] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [boinctray] => C:\Program Files (x86)\BOINC\boinctray.exe [58112 2010-05-27] (Space Sciences Laboratory)
HKLM-x32\...\Run: [boincmgr] => C:\Program Files (x86)\BOINC\boincmgr.exe [4543232 2010-05-27] (World Community Grid)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1843088 2015-08-21] (APN)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1279953243-2969467477-3499177574-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1279953243-2969467477-3499177574-1005\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1279953243-2969467477-3499177574-1005\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36125760 2013-12-18] (ooVoo LLC)
HKU\S-1-5-21-1279953243-2969467477-3499177574-1005\...\Run: [MusicManager] => C:\Users\Marafi\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)
HKU\S-1-5-21-1279953243-2969467477-3499177574-1005\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-1279953243-2969467477-3499177574-1005\...\Run: [Google Update] => C:\Users\Marafi\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-07] (Google Inc.)
HKU\S-1-5-21-1279953243-2969467477-3499177574-1005\...\Run: [Elbserver] => C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe [83344 2011-04-02] (Sony Corporation)
HKU\S-1-5-21-1279953243-2969467477-3499177574-1005\...\Run: [DW7] => C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13209088 2014-01-23] (The Weather Channel)
HKU\S-1-5-21-1279953243-2969467477-3499177574-1005\...\RunOnce: [CryptoUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Marafi\AppData\Roaming\Microsoft\Crypto\RSA\cert_v180_0.tpl"
HKU\S-1-5-18\...\Run: [UfobWifwo] => regsvr32.exe "C:\ProgramData\UfobWifwo\UfobWifwo.dat"
HKU\S-1-5-18\...\Run: [wbengine] => C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEUpdate\wbengine.exe [132096 2012-11-30] ()
HKU\S-1-5-18\...\Run: [gphuntu] => rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\gphuntu.dll",gphuntu <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [wbengine] => C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEUpdate\wbengine.exe [132096 2012-11-30] ()
HKU\S-1-5-18\...\RunOnce: [*8fbca] => C:\08fbca1\08fbca1.exe [195072 2014-08-25] (NirSoft)
HKU\S-1-5-18\...\RunOnce: [*8fbca1] => C:\Windows\system32\config\systemprofile\AppData\Roaming\08fbca1.exe
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe [699400 2013-01-08] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\RunOnce: [*6131fe2] => C:\Windows\syswow64\regsvr32.exe C:\Windows\system32\config\SYSTEM~1\AppData\Roaming\86131fe2.dll
HKU\S-1-5-18\...\RunOnce: [*6131fe] => C:\Windows\syswow64\regsvr32.exe C:\86131fe2\86131fe2.dll
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C4C11C69-2EFE-4DC8-9D9D-3AC1D5A954AA}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony.msn.com
HKU\S-1-5-21-1279953243-2969467477-3499177574-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?l=dis&o=APN10379&gct=hp
HKU\S-1-5-21-1279953243-2969467477-3499177574-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1279953243-2969467477-3499177574-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1279953243-2969467477-3499177574-1005 -> {2BE46347-6D8A-4921-B4AD-23BB4AFFD2BB} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=OVO2&o=APN10379&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABE&apn_dtid=^YYYYYY^YY^US&apn_uid=0d16b19c-a9be-496d-a4d7-ea8dce410d49&apn_sauid=AB6C9EB5-26F0-494C-A549-9B00D8E5BF75
BHO: Oovoo Toolbar -> {4F564F32-5637-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7\Passport_x64.dll [2015-08-21] (APN LLC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-03-03] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: No Name -> {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} ->  No File
BHO-x32: Oovoo Toolbar -> {4F564F32-5637-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7\Passport.dll [2015-08-21] (APN LLC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-03-03] (Sun Microsystems, Inc.)
Toolbar: HKLM - Oovoo Toolbar - {4F564F32-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7\Passport_x64.dll [2015-08-21] (APN LLC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll No File
Toolbar: HKLM-x32 - Oovoo Toolbar - {4F564F32-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7\Passport.dll [2015-08-21] (APN LLC.)
Toolbar: HKU\S-1-5-21-1279953243-2969467477-3499177574-1005 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1279953243-2969467477-3499177574-1005 -> Oovoo Toolbar - {4F564F32-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7\Passport_x64.dll [2015-08-21] (APN LLC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Marafi\AppData\Roaming\Mozilla\Firefox\Profiles\qrx9m5go.default
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2012-03-03] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2012-03-03] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2012-03-03] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-1279953243-2969467477-3499177574-1005: @talk.google.com/GoogleTalkPlugin -> C:\Users\Marafi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1279953243-2969467477-3499177574-1005: @talk.google.com/O1DPlugin -> C:\Users\Marafi\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1279953243-2969467477-3499177574-1005: @tools.google.com/Google Update;version=3 -> C:\Users\Marafi\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-1279953243-2969467477-3499177574-1005: @tools.google.com/Google Update;version=9 -> C:\Users\Marafi\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Marafi\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Marafi\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: AccDictionary Class - C:\Users\Marafi\AppData\Roaming\Mozilla\Firefox\Profiles\qrx9m5go.default\Extensions\{65617BFF-E3DE-DCD4-77CF-9D21E46E287B} [2014-11-06]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://sony.msn.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Native Client) - C:\Users\Marafi\AppData\Local\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Marafi\AppData\Local\Google\Chrome\Application\45.0.2454.85\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Marafi\AppData\Local\Google\Chrome\Application\45.0.2454.85\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Marafi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Marafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Marafi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Marafi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Marafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-06]
CHR Extension: (YouTube) - C:\Users\Marafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-16]
CHR Extension: (Google Search) - C:\Users\Marafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-16]
CHR Extension: (Google Docs Offline) - C:\Users\Marafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-09]
CHR Extension: (Pink Pixel Hearts) - C:\Users\Marafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpndhpnjnmbdnahgceiddnoimlkjohnb [2014-02-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-09]
CHR Extension: (Poppit!) - C:\Users\Marafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2012-06-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Sinuous) - C:\Users\Marafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl [2012-06-16]
CHR Extension: (Gmail) - C:\Users\Marafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-16]
CHR HKLM\...\Chrome\Extension: [aaaainelhcgoinheohbeolppeofibjlh] - C:\ProgramData\AskPartnerNetwork\Toolbar\OVO2V7\CRX\ToolbarCR.crx [2015-09-03]
CHR HKLM-x32\...\Chrome\Extension: [aaaainelhcgoinheohbeolppeofibjlh] - C:\ProgramData\AskPartnerNetwork\Toolbar\OVO2V7\CRX\ToolbarCR.crx [2015-09-03]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\Exts\Chrome.crx <not found>
StartMenuInternet: Google Chrome - C:\Users\Marafi\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [201616 2015-08-21] (APN LLC.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 BOINC; C:\Program Files (x86)\BOINC\boinc.exe [529152 2010-05-27] (World Community Grid)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2011-03-28] (Realsil Microelectronics Inc.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [53248 2012-02-09] (Digital Delivery Networks, Inc.) [File not signed]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1021112 2011-03-30] (Sony Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll" /prefetch:1
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [X]
S1 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1307010.005\ccSetx64.sys [X]
S1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [X]
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
S1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120518.001\IDSvia64.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120519.009\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120519.009\EX64.SYS [X]
S3 SRTSP; \SystemRoot\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS [X]
S1 SRTSPX; \SystemRoot\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS [X]
S0 SymDS; system32\drivers\NISx64\1307010.005\SYMDS64.SYS [X]
S0 SymEFA; system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [X]
S3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [X]
S1 SymIRON; \SystemRoot\system32\drivers\NISx64\1307010.005\Ironx64.SYS [X]
S1 SymNetS; \SystemRoot\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-14 17:13 - 2015-09-14 17:14 - 00028853 _____ C:\Users\Marafi\Desktop\FRST.txt
2015-09-14 17:12 - 2015-09-14 17:13 - 00000000 ____D C:\FRST
2015-09-14 17:10 - 2015-09-14 17:12 - 02190848 _____ (Farbar) C:\Users\Marafi\Desktop\FRST64.exe
2015-09-14 17:09 - 2015-09-14 17:09 - 02190848 _____ (Farbar) C:\Users\Marafi\Downloads\FRST64.exe
2015-09-14 16:58 - 2015-09-14 16:58 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-14 16:58 - 2015-09-14 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-14 16:57 - 2015-09-14 16:58 - 00000000 ____D C:\Program Files\iTunes
2015-09-14 16:57 - 2015-09-14 16:57 - 00000000 ____D C:\Program Files\iPod
2015-09-14 16:57 - 2015-09-14 16:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-14 16:41 - 2015-09-14 16:44 - 155835672 _____ (Apple Inc.) C:\Users\Marafi\Downloads\iTunes6464Setup.exe
2015-09-13 23:32 - 2015-09-13 23:32 - 00002964 _____ C:\Windows\System32\Tasks\{FEC8F757-896F-4447-A7E2-55555E0426B1}
2015-09-13 23:05 - 2015-09-13 23:11 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-09-13 14:41 - 2015-09-13 14:41 - 00591696 _____ C:\Windows\system32\s000004.dat
2015-09-13 14:27 - 2015-09-14 17:06 - 00002946 _____ C:\Windows\System32\Tasks\CryptoUpdate
2015-09-13 14:27 - 2015-09-14 17:06 - 00000370 ____H C:\Windows\Tasks\CryptoUpdate.job
2015-09-07 23:42 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-07 23:42 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-07 23:42 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-07 23:42 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-07 23:41 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-07 23:41 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-07 23:41 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-07 23:41 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-07 23:41 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-07 23:41 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-07 23:41 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-07 23:41 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-07 23:41 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-07 23:41 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-07 23:36 - 2015-09-07 23:37 - 00080494 _____ C:\ProgramData\SMRResults501.dat
2015-09-07 22:21 - 2015-09-07 22:28 - 00000000 ____D C:\NPE
2015-09-07 21:56 - 2015-09-07 23:16 - 00000000 ____D C:\Users\Marafi\AppData\Local\NPE
2015-09-07 21:55 - 2015-09-07 21:56 - 03088296 _____ (Symantec Corporation) C:\Users\Marafi\Downloads\NPE (1).exe
2015-09-07 21:55 - 2015-09-07 21:55 - 03088296 _____ (Symantec Corporation) C:\Users\Marafi\Downloads\NPE.exe
2015-09-07 21:53 - 2015-09-07 21:53 - 00003795 _____ C:\Users\Marafi\Downloads\msert (1).exe
2015-09-07 21:48 - 2015-09-07 21:48 - 00015814 _____ C:\Users\Marafi\Downloads\msert.exe
2015-09-07 21:39 - 2015-09-07 21:39 - 00008628 _____ C:\Users\Marafi\Documents\HELP_DECRYPT.HTML
2015-09-07 21:39 - 2015-09-07 21:39 - 00008628 _____ C:\Users\Marafi\AppData\Roaming\HELP_DECRYPT.HTML
2015-09-07 21:39 - 2015-09-07 21:39 - 00008628 _____ C:\Users\Marafi\AppData\HELP_DECRYPT.HTML
2015-09-07 21:39 - 2015-09-07 21:39 - 00004254 _____ C:\Users\Marafi\Documents\HELP_DECRYPT.TXT
2015-09-07 21:39 - 2015-09-07 21:39 - 00004254 _____ C:\Users\Marafi\AppData\Roaming\HELP_DECRYPT.TXT
2015-09-07 21:39 - 2015-09-07 21:39 - 00004254 _____ C:\Users\Marafi\AppData\HELP_DECRYPT.TXT
2015-09-07 21:39 - 2015-09-07 21:39 - 00000292 _____ C:\Users\Marafi\Documents\HELP_DECRYPT.URL
2015-09-07 21:39 - 2015-09-07 21:39 - 00000292 _____ C:\Users\Marafi\AppData\Roaming\HELP_DECRYPT.URL
2015-09-07 21:39 - 2015-09-07 21:39 - 00000292 _____ C:\Users\Marafi\AppData\HELP_DECRYPT.URL
2015-09-07 21:38 - 2015-09-07 21:38 - 00008628 _____ C:\Users\Marafi\AppData\Local\HELP_DECRYPT.HTML
2015-09-07 21:38 - 2015-09-07 21:38 - 00004254 _____ C:\Users\Marafi\AppData\Local\HELP_DECRYPT.TXT
2015-09-07 21:38 - 2015-09-07 21:38 - 00000292 _____ C:\Users\Marafi\AppData\Local\HELP_DECRYPT.URL
2015-09-07 18:47 - 2015-09-07 18:47 - 00000000 ____D C:\Program Files (x86)\GUM270F.tmp
2015-09-07 18:42 - 2015-09-07 18:42 - 02662704 _____ (Google) C:\Users\Marafi\Downloads\gpautobackup_setup.exe
2015-09-07 18:42 - 2015-09-07 18:42 - 00000000 ____D C:\Users\Marafi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup
2015-09-07 18:40 - 2015-09-07 18:40 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-09-07 15:32 - 2015-09-07 18:33 - 00000000 ____D C:\Program Files (x86)\GUM1831.tmp
2015-09-07 15:32 - 2015-09-07 15:36 - 06420480 _____ C:\Program Files (x86)\GUT1832.tmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-14 17:12 - 2009-07-14 00:45 - 00021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-14 17:12 - 2009-07-14 00:45 - 00021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-14 17:02 - 2012-10-30 13:18 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1279953243-2969467477-3499177574-1005UA1cdb6c2879df578.job
2015-09-14 17:02 - 2012-10-30 13:18 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1279953243-2969467477-3499177574-1005Core1cdb6c286d216fc.job
2015-09-14 16:57 - 2012-10-30 13:18 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1279953243-2969467477-3499177574-1005UA1cdb6c2879df578
2015-09-14 16:57 - 2012-10-30 13:18 - 00003492 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1279953243-2969467477-3499177574-1005Core1cdb6c286d216fc
2015-09-14 16:57 - 2012-04-21 16:40 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-14 16:57 - 2012-04-21 16:25 - 00000000 ____D C:\ProgramData\Apple Computer
2015-09-14 16:49 - 2013-01-08 16:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-14 16:44 - 2012-03-03 02:54 - 01502432 _____ C:\Windows\WindowsUpdate.log
2015-09-14 16:41 - 2009-07-14 01:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-14 16:37 - 2012-09-05 19:05 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-14 16:37 - 2012-03-03 03:32 - 00000000 ____D C:\Users\boinc_master
2015-09-14 16:37 - 2012-03-03 03:30 - 00000000 ____D C:\ProgramData\BOINC
2015-09-14 16:37 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-14 16:37 - 2009-07-14 00:51 - 00090581 _____ C:\Windows\setupact.log
2015-09-14 16:36 - 2010-11-20 23:47 - 00903434 _____ C:\Windows\PFRO.log
2015-09-14 07:22 - 2012-09-05 19:05 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-13 18:23 - 2012-05-23 17:38 - 00000000 ____D C:\Users\Marafi\AppData\Local\CrashDumps
2015-09-13 14:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-09-13 14:27 - 2012-04-22 20:52 - 00000408 _____ C:\Windows\system32\sstates.sdt
2015-09-13 14:27 - 2012-04-22 20:52 - 00000040 _____ C:\Windows\system32\sstate_prev.sdt
2015-09-09 20:06 - 2012-04-21 15:58 - 00000000 ____D C:\Users\Marafi\AppData\Local\Google
2015-09-07 23:36 - 2015-01-27 11:40 - 00000000 ____D C:\Windows\FrameworkUpdate
2015-09-07 23:36 - 2010-11-20 23:24 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2015-09-07 21:57 - 2012-03-03 04:13 - 00000000 ____D C:\ProgramData\Norton
2015-09-07 21:40 - 2015-01-27 12:38 - 00008628 _____ C:\Users\Marafi\Downloads\HELP_DECRYPT.HTML
2015-09-07 21:40 - 2015-01-27 12:38 - 00004254 _____ C:\Users\Marafi\Downloads\HELP_DECRYPT.TXT
2015-09-07 21:40 - 2015-01-27 12:38 - 00000292 _____ C:\Users\Marafi\Downloads\HELP_DECRYPT.URL
2015-09-07 21:39 - 2014-06-16 16:25 - 00000000 ____D C:\Users\Marafi\AppData\Roaming\Mozilla
2015-09-07 21:39 - 2012-10-30 13:15 - 00000000 ____D C:\Users\Marafi\AppData\Roaming\ooVoo Details
2015-09-07 21:39 - 2012-04-21 15:51 - 00000000 ____D C:\Users\Marafi\AppData\Roaming\Skype
2015-09-07 21:39 - 2012-04-21 02:54 - 00000000 ____D C:\Users\Marafi\AppData\Roaming\Sony Corporation
2015-09-07 21:38 - 2014-08-30 09:03 - 00000000 ____D C:\Users\Marafi\AppData\Roaming\iMobie
2015-09-07 21:38 - 2012-04-21 16:51 - 00000000 ____D C:\Users\Marafi\AppData\Roaming\Apple Computer
2015-09-07 21:38 - 2012-04-21 15:05 - 00000000 ____D C:\Users\Marafi\AppData\Roaming\ArcSoft
2015-09-07 21:38 - 2012-04-21 15:04 - 00000000 ____D C:\Users\Marafi\AppData\Roaming\Adobe
2015-09-07 21:38 - 2012-04-21 14:57 - 00000000 ____D C:\Users\Marafi\AppData\Local\VirtualStore
2015-09-07 21:38 - 2012-03-03 03:27 - 00000000 ____D C:\Nobu_Icon
2015-09-07 21:37 - 2015-01-27 11:27 - 00000000 __SHD C:\found.002
2015-09-07 21:37 - 2014-07-07 13:34 - 00000000 __SHD C:\found.000
2015-09-07 21:37 - 2012-03-03 03:34 - 00000000 ____D C:\Documentation
2015-09-07 21:35 - 2015-01-27 11:39 - 00000000 ___HD C:\86131fe2
2015-09-07 19:46 - 2012-08-16 18:46 - 00154142 _____ C:\test.xml
2015-09-07 18:54 - 2012-04-21 15:59 - 00002376 _____ C:\Users\Marafi\Desktop\Google Chrome.lnk
2015-09-07 18:38 - 2012-04-21 02:53 - 00000000 ____D C:\Users\Marafi
2015-09-07 18:31 - 2014-08-24 08:24 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage
2015-09-07 18:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-09-07 18:19 - 2014-03-17 16:02 - 00000000 ____D C:\Users\Marafi\AppData\Local\Skype
2015-09-07 18:19 - 2013-11-04 21:47 - 00000000 ____D C:\Users\Marafi\AppData\Local\HorizonWimba
2015-09-07 18:19 - 2012-11-18 09:47 - 00000000 ____D C:\ProgramData\LogiShrd
2015-09-07 18:19 - 2012-09-09 14:00 - 00000000 ____D C:\Users\Marafi\AppData\Local\Microsoft Games
2015-09-07 18:19 - 2012-03-03 03:38 - 00000000 ___HD C:\ProgramData\ArcSoft
2015-09-07 18:19 - 2012-03-03 03:29 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-09-07 18:19 - 2012-03-03 02:53 - 00000000 ____D C:\ProgramData\DDNi
2015-09-07 15:17 - 2012-09-05 19:05 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-07 15:17 - 2012-09-05 19:05 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2015-09-07 15:32 - 2015-09-07 15:36 - 6420480 _____ () C:\Program Files (x86)\GUT1832.tmp
2014-08-03 19:05 - 2014-11-06 23:03 - 0000004 _____ () C:\Users\Marafi\AppData\Roaming\1293003284
2014-08-03 19:05 - 2014-09-15 21:49 - 0000029 _____ () C:\Users\Marafi\AppData\Roaming\2271198803
2014-08-03 18:55 - 2014-11-06 19:18 - 0000004 _____ () C:\Users\Marafi\AppData\Roaming\2376157813
2014-08-03 18:55 - 2014-08-03 19:05 - 49308698 _____ () C:\Users\Marafi\AppData\Roaming\2683372670
2014-08-03 19:05 - 2014-11-06 21:21 - 0000004 _____ () C:\Users\Marafi\AppData\Roaming\3084334620
2015-09-07 21:39 - 2015-09-07 21:39 - 0008628 _____ () C:\Users\Marafi\AppData\Roaming\HELP_DECRYPT.HTML
2015-09-07 21:39 - 2015-09-07 21:39 - 0045851 _____ () C:\Users\Marafi\AppData\Roaming\HELP_DECRYPT.PNG
2015-09-07 21:39 - 2015-09-07 21:39 - 0004254 _____ () C:\Users\Marafi\AppData\Roaming\HELP_DECRYPT.TXT
2015-09-07 21:39 - 2015-09-07 21:39 - 0000292 _____ () C:\Users\Marafi\AppData\Roaming\HELP_DECRYPT.URL
2015-09-07 21:38 - 2015-09-07 21:38 - 0008628 _____ () C:\Users\Marafi\AppData\Local\HELP_DECRYPT.HTML
2015-09-07 21:38 - 2015-09-07 21:38 - 0045851 _____ () C:\Users\Marafi\AppData\Local\HELP_DECRYPT.PNG
2015-09-07 21:38 - 2015-09-07 21:38 - 0004254 _____ () C:\Users\Marafi\AppData\Local\HELP_DECRYPT.TXT
2015-09-07 21:38 - 2015-09-07 21:38 - 0000292 _____ () C:\Users\Marafi\AppData\Local\HELP_DECRYPT.URL
2012-04-21 15:18 - 2012-04-21 15:18 - 0002128 _____ () C:\Users\Marafi\AppData\Local\PDLSetup.20120421.151829.txt
2012-10-19 11:05 - 2012-10-19 11:05 - 0002128 _____ () C:\Users\Marafi\AppData\Local\PDLSetup.20121019.110552.txt
2012-11-09 16:58 - 2012-11-09 16:59 - 0002128 _____ () C:\Users\Marafi\AppData\Local\PDLSetup.20121109.155851.txt
2012-12-31 14:37 - 2012-12-31 14:37 - 0002128 _____ () C:\Users\Marafi\AppData\Local\PDLSetup.20121231.133746.txt
2013-02-24 11:40 - 2013-02-24 11:41 - 0002128 _____ () C:\Users\Marafi\AppData\Local\PDLSetup.20130224.104059.txt
2013-04-26 21:00 - 2013-04-26 21:00 - 0002112 _____ () C:\Users\Marafi\AppData\Local\PDLSetup.20130426.210027.txt
2013-07-09 02:23 - 2013-07-09 02:23 - 0002112 _____ () C:\Users\Marafi\AppData\Local\PDLSetup.20130709.022303.txt
2013-07-12 15:39 - 2013-07-12 15:39 - 0002128 _____ () C:\Users\Marafi\AppData\Local\PDLSetup.20130712.153907.txt
2013-07-16 15:03 - 2013-07-16 15:03 - 0002128 _____ () C:\Users\Marafi\AppData\Local\PDLSetup.20130716.150349.txt
2013-08-18 03:32 - 2013-08-18 03:32 - 0002128 _____ () C:\Users\Marafi\AppData\Local\PDLSetup.20130818.033217.txt
2013-08-24 21:36 - 2013-08-24 21:36 - 0002112 _____ () C:\Users\Marafi\AppData\Local\PDLSetup.20130824.213645.txt
2013-10-07 19:34 - 2013-10-07 19:34 - 0002128 _____ () C:\Users\Marafi\AppData\Local\PDLSetup.20131007.193401.txt
2013-12-23 15:11 - 2013-12-23 15:11 - 0002112 _____ () C:\Users\Marafi\AppData\Local\PDLSetup.20131223.141113.txt
2015-01-27 11:46 - 2015-01-27 11:46 - 0008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-27 11:46 - 2015-01-27 11:46 - 0045560 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-01-27 11:46 - 2015-01-27 11:46 - 0004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-27 11:46 - 2015-01-27 11:46 - 0000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2012-03-03 02:53 - 2012-03-03 02:53 - 0000226 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-09-07 23:36 - 2015-09-07 23:37 - 0080494 _____ () C:\ProgramData\SMRResults501.dat
 
Files to move or delete:
====================
C:\ProgramData\SMRResults501.dat
 
 
Some files in TEMP:
====================
C:\Users\Marafi\AppData\Local\Temp\adelubqd.exe
C:\Users\Marafi\AppData\Local\Temp\apirpair.dll
C:\Users\Marafi\AppData\Local\Temp\conhost.exe
C:\Users\Marafi\AppData\Local\Temp\crypsapi.dll
C:\Users\Marafi\AppData\Local\Temp\KB00654845.exe
C:\Users\Marafi\AppData\Local\Temp\KB00661241.exe
C:\Users\Marafi\AppData\Local\Temp\lpr.dll
C:\Users\Marafi\AppData\Local\Temp\update.exe
C:\Users\Marafi\AppData\Local\Temp\UpdateFlashPlayer_2242af1c.exe
C:\Users\Marafi\AppData\Local\Temp\UpdateFlashPlayer_368eec5c.exe
C:\Users\Marafi\AppData\Local\Temp\UpdateFlashPlayer_7e5f9ea2.exe
C:\Users\Marafi\AppData\Local\Temp\UpdateFlashPlayer_8b724e14.exe
C:\Users\Marafi\AppData\Local\Temp\UpdateFlashPlayer_911e9440.exe
C:\Users\Marafi\AppData\Local\Temp\urepair.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-13 14:47
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-09-2015
Ran by Marafi (2015-09-14 17:15:01)
Running from C:\Users\Marafi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-04-21 06:53:40)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1279953243-2969467477-3499177574-500 - Administrator - Disabled)
boinc_master (S-1-5-21-1279953243-2969467477-3499177574-1000 - Limited - Enabled) => C:\Users\boinc_master
boinc_project (S-1-5-21-1279953243-2969467477-3499177574-1001 - Limited - Enabled)
Guest (S-1-5-21-1279953243-2969467477-3499177574-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1279953243-2969467477-3499177574-1007 - Limited - Enabled)
Marafi (S-1-5-21-1279953243-2969467477-3499177574-1005 - Administrator - Enabled) => C:\Users\Marafi
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 5.2 (Disabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 5.2 (Disabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 10 Plugin (HKLM-x32\...\{E6725026-A650-449C-897B-D6B7A5EEA058}) (Version: 10.2.152.26 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.146 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version:  - )
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.142 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.484 - ArcSoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version:  - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.0.53 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKU\S-1-5-21-1279953243-2969467477-3499177574-1005\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Photos Backup (HKU\S-1-5-21-1279953243-2969467477-3499177574-1005\...\Google Photos Backup) (Version: 1.1.0.248 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Java™ 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Media Gallery (Version: 1.5.0.16020 - Your Company Name) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-1279953243-2969467477-3499177574-1005\...\MusicManager) (Version:  - Google, Inc.)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.7.1.5 - Symantec Corporation)
Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.1 - DDNi)
OOBE (x32 Version: 11.2.1.10 - Sony Corporation) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.9052 - ooVoo LLC.)
Oovoo Toolbar (HKLM-x32\...\{4F564F32-5637-006A-76A7-A758B70C2201}) (Version: 12.34.1.2231 - APN, LLC)
PMB (x32 Version: 5.5.02.12220 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06010 - Sony Corporation) Hidden
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.1.1.03020 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.9.0 - Synaptics Incorporated)
VAIO - Media Gallery (x32 Version: 1.5.0.16020 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Guide (x32 Version: 1.6.00.06030 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Plug-in (x32 Version: 1.6.01.06110 - Sony Corporation) Hidden
VAIO - Remote Keyboard (x32 Version: 1.0.1.03020 - Sony Corporation) Hidden
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 6.4.0.15030 - Sony Corporation)
VAIO Care (x32 Version: 6.4.0.15030 - Sony Corporation) Hidden
VAIO Control Center (x32 Version: 4.5.0.03040 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) Hidden
VAIO Easy Connect (x32 Version: 1.1.1.12200 - Sony Corporation) Hidden
VAIO Event Service (x32 Version: 5.5.0.03040 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.3.0.11090 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.4.0.03240 - Sony Corporation) Hidden
VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280 - Sony Corporation) Hidden
VAIO Help and Support (HKLM-x32\...\{F5248E24-F52C-4FD1-B76F-102460BAFD6B}) (Version: 14.00.0125 - Sony Corporation)
VAIO Improvement (x32 Version: 1.0.0.14150 - Sony Corporation) Hidden
VAIO Manual (x32 Version: 2.0.0.02250 - Sony Corporation) Hidden
VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.424.0 - DDNi)
VAIO Quick Web Access (x32 Version: 1.4.5.5 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden
VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.7.0.07050 - Sony Corporation)
VAIO Transfer Support (x32 Version: 1.4.0.14230 - Sony Corporation) Hidden
VAIO Update (x32 Version: 5.4.0.15300 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VESx64 (Version: 1.0.0 - Sony Corporation) Hidden
VESx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
World Community Grid (HKLM-x32\...\{99563F3B-EDF8-403F-AF3E-96685CB9F49C}) (Version: 6.10.57 - World Community Grid)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1279953243-2969467477-3499177574-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-1279953243-2969467477-3499177574-1005_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Marafi\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1279953243-2969467477-3499177574-1005_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Marafi\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1279953243-2969467477-3499177574-1005_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Marafi\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1279953243-2969467477-3499177574-1005_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Marafi\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1279953243-2969467477-3499177574-1005_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Marafi\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1279953243-2969467477-3499177574-1005_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 ->  No File
CustomCLSID: HKU\S-1-5-21-1279953243-2969467477-3499177574-1005_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Marafi\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1279953243-2969467477-3499177574-1005_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Marafi\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1279953243-2969467477-3499177574-1005_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Marafi\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================
 
13-09-2015 23:06:44 Removed iTunes
13-09-2015 23:17:35 Installed iTunes
13-09-2015 23:21:59 Installed iTunes
13-09-2015 23:32:29 Installed iTunes
13-09-2015 23:39:41 Installed iTunes
13-09-2015 23:41:44 Removed QuickTime 7
13-09-2015 23:43:27 Installed iTunes
14-09-2015 07:23:00 Installed iTunes
14-09-2015 16:50:00 Removed Bonjour
14-09-2015 16:56:47 Installed iTunes
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03C68113-3004-4402-9A73-610B24A4C308} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-11-16] (Sony Corporation)
Task: {0D9275BB-96A2-4FE5-B283-DAFBF91CF4D1} - \Norton Internet Security\Norton Error Processor -> No File <==== ATTENTION
Task: {19DC5CA1-45A5-41C3-AC20-96FA381AEC09} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2011-03-30] (Sony Corporation)
Task: {1C3CF045-B046-4AF0-8E21-038704E867BB} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {2DE62A85-5403-447A-A5BE-09C091019910} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient
Task: {35D29A34-0D85-4681-A122-F555A54BC2A4} - System32\Tasks\{FEC8F757-896F-4447-A7E2-55555E0426B1} => C:\Users\Marafi\Downloads\iTunes6464Setup.exe [2015-09-14] (Apple Inc.)
Task: {42F4FF2C-4E82-41BC-B343-87DFD2CA9571} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2012-03-08] (Digital Delivery Networks, Inc.)
Task: {531EC61E-FF37-4172-BD63-6B6DBAA1806C} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {5446A289-D1B8-4420-B416-B6062BEC768C} - System32\Tasks\Sony Corporation\VAIO Personalization Manager\VpmLM Task Music Marafi => C:\Program Files\Sony\VAIO Personalization Manager\VpmLM.exe [2011-02-08] (Sony Corporation)
Task: {54B3A949-396E-45DC-B75B-22262B4B3CF8} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib TaskTray => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [2011-02-23] (Sony Corporation)
Task: {5F740131-381A-4230-BF7D-D00BDF6AB7E5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {65E3446C-FBA2-4147-A28C-F8963ED751AF} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation)
Task: {725D2A9F-0670-4296-BEB4-5EC12A88772B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1279953243-2969467477-3499177574-1005Core1cdb6c286d216fc => C:\Users\Marafi\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {74BDA38A-F1C0-4B5D-9CC2-BBBDC08D2E1C} - System32\Tasks\CryptoUpdate => C:\Users\Marafi\AppData\Roaming\Microsoft\Crypto\RSA\cert_v180_0.tpl [2015-09-13] ()
Task: {78D02FA4-ED63-44CD-8EFE-2C308A1C7C84} - System32\Tasks\{C4945A9A-A698-4347-9254-1B20FB609959} => Chrome.exe http://ui.skype.com/...;page=tsInstall
Task: {8A69C01E-64D9-478E-9F91-575A9C3D87B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-08] (Adobe Systems Incorporated)
Task: {8CE52467-B625-4AC1-8965-ED3863731242} - \Norton Internet Security\Norton Error Analyzer -> No File <==== ATTENTION
Task: {980318DD-80F4-4770-9E9B-CE65CE91F4E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {9B2B0995-278C-45C4-8E18-D952AA6FCD38} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {A5243C1C-FF60-4857-9838-E5D22B62FA9B} - System32\Tasks\VAIO® Messenger (Administrator) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2012-03-08] (Digital Delivery Networks, Inc.)
Task: {CBFE0DC5-AD86-489C-8FB0-1424D0D397EB} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {D13436EA-F62E-416A-8CA7-3820A78AE81C} - System32\Tasks\VAIO® Messenger (Marafi) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2012-03-08] (Digital Delivery Networks, Inc.)
Task: {DA502925-4A12-4209-A365-45812308FB64} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1279953243-2969467477-3499177574-1005UA1cdb6c2879df578 => C:\Users\Marafi\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {E97A5B14-CC8D-448A-99F4-28DCFB3C42D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {FD39A3FD-A1F3-4B92-94E1-26B4CF273826} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-11-16] (Sony Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CryptoUpdate.job => C:\Windows\system32\regsvr32.exeJ/s C:\Users\Marafi\AppData\Roaming\Microsoft\Crypto\RSA\cert_v180_0.tpl
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1279953243-2969467477-3499177574-1005Core1cdb6c286d216fc.job => C:\Users\Marafi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1279953243-2969467477-3499177574-1005UA1cdb6c2879df578.job => C:\Users\Marafi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{3A824E23-F5D4-4A9C-BD84-45D9BD6E8375}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-12-17 17:53 - 2010-12-17 17:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-13 14:04 - 2015-09-13 14:04 - 00279117 ___SH () C:\Users\Marafi\AppData\Roaming\Microsoft\Crypto\RSA\cert_v180_0.tpl
2012-03-03 03:34 - 2011-03-30 13:09 - 00049664 _____ () C:\Program Files\Sony\VAIO Update 5\VUAgentPS64.dll
2009-10-14 14:36 - 2009-10-14 14:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 14:34 - 2009-10-14 14:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2012-03-03 04:15 - 2011-02-25 21:14 - 00297472 _____ () C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll
2012-03-03 04:15 - 2011-02-25 21:14 - 00192000 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll
2012-03-03 04:15 - 2011-02-25 21:14 - 00070656 _____ () C:\Program Files\Sony\VAIO Care\CRM\Logging.dll
2012-03-03 04:15 - 2011-02-25 21:14 - 00063488 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll
2012-03-03 04:15 - 2011-02-25 21:14 - 00215040 _____ () C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll
2012-03-03 04:15 - 2011-02-25 21:14 - 00043008 _____ () C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll
2012-03-03 04:15 - 2011-02-25 21:14 - 00260608 _____ () C:\Program Files\Sony\VAIO Care\CRM\RecoveryPartitionManager.dll
2012-03-03 04:15 - 2011-02-25 21:14 - 00043520 _____ () C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll
2012-03-03 04:15 - 2011-02-25 21:14 - 00059904 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll
2012-03-03 04:15 - 2011-02-25 21:14 - 00157696 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll
2012-03-03 04:15 - 2011-02-25 21:14 - 00138752 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll
2012-03-03 04:15 - 2011-02-25 21:14 - 00025600 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00306984 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2009-08-18 16:02 - 2009-08-18 16:02 - 00061952 _____ () C:\Program Files (x86)\BOINC\zlib1.dll
2012-03-03 03:34 - 2011-03-05 20:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2015-09-07 18:54 - 2015-08-27 20:17 - 01501512 _____ () C:\Users\Marafi\AppData\Local\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-07 18:54 - 2015-08-27 20:17 - 00081224 _____ () C:\Users\Marafi\AppData\Local\Google\Chrome\Application\45.0.2454.85\libegl.dll
2015-09-07 18:54 - 2015-08-27 20:17 - 16393032 _____ () C:\Users\Marafi\AppData\Local\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll
2013-01-12 13:25 - 2013-01-12 13:25 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\955913dda3b983010042d291163ac01c\IsdiInterop.ni.dll
2012-03-03 02:59 - 2010-11-06 03:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-08-29 20:57 - 2014-08-29 20:57 - 00049152 _____ () C:\Program Files (x86)\Mozilla Firefox\VERSION.dll
2014-08-03 19:54 - 2014-07-17 01:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1279953243-2969467477-3499177574-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Marafi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{096DFBE2-94F8-409C-AC8E-06F1FD43006D}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{DE428148-06DC-4A45-A7F2-F1D4DAEA706A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1F4DAD65-9522-491F-9B3E-CA9C92608CE2}] => (Allow) LPort=2869
FirewallRules: [{82B79BFF-AAE2-4254-A921-11169E965A4A}] => (Allow) LPort=1900
FirewallRules: [{80E5E957-4387-453A-8B3A-049B3ABF82A0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8E987AB1-227F-4856-8C13-FB580EDEF137}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{BA02882B-9821-422C-9E50-8FBE526F02E7}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{DCFA9FA4-36DE-40AB-A2C0-C03F687CFFA5}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{5C0B7631-6D83-47BD-843A-EDCA05C88D47}] => (Allow) C:\Program Files\Sony\VAIO Care\SelfHealUpdate.exe
FirewallRules: [{3311A885-BED6-45BE-BC61-92CB9169181C}] => (Allow) C:\Program Files\Sony\VAIO Care\SelfHealUpdate.exe
FirewallRules: [{31D3910C-BC62-48FA-8906-FB80A6E17543}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOCareMain.exe
FirewallRules: [{FE73C18C-AD69-4675-8778-EFED19E34608}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOCareMain.exe
FirewallRules: [{A4715A1A-1B8D-4DEA-975A-DCE9555D4F98}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F7FF09E6-4E24-41FC-B10F-D7BE32239D95}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D5DE33E8-E3F2-4652-AC89-D231A36BB259}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C04B23C0-6B8A-476D-A14E-2A575A0C33A5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C08C39A5-A921-4F7E-A35D-7ED152C8E24F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0BC02312-3C95-4071-999A-D7860CF5A009}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
FirewallRules: [{6E65E8CE-5A77-41B1-B4EC-87FE0F2558F6}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
FirewallRules: [TCP Query User{AF0BDCEF-F58E-428E-948C-DC30F41C1BF3}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{A209891E-C56B-4302-A1D0-6C5CEAD36D1E}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{69D2F380-7827-4FEF-8B9F-E683EC080B6E}] => (Allow) LPort=37678
FirewallRules: [{0F8AF67E-8E9C-4D4E-948D-3685AB6F951A}] => (Allow) LPort=37678
FirewallRules: [{152754E8-54B7-49A5-8DA2-6D2278B08E0C}] => (Allow) LPort=37679
FirewallRules: [TCP Query User{13729A79-2791-4309-B6C3-7A7481A85D99}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{7FBEC2EF-F37F-4CF1-B353-DB90B7B86E0E}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{6C912A03-464C-4E1D-85DC-74B6E17A89AA}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{5B7C0F5C-6B3F-441C-99C0-8AB569378003}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [TCP Query User{6C2045E4-EEDF-42CB-B73D-2C2413CA2160}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
FirewallRules: [UDP Query User{FE58BF0D-4233-45F7-854F-5B81CBDC8364}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
FirewallRules: [{1E4F370E-6F84-4371-9175-DAEF1D98CA70}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{8E21AD36-8A0D-4921-8572-80053BCF2EB7}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{750B3149-C220-411C-8FB1-2145738DB0B2}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [{D38D5380-5DE6-4157-9024-A425466BB5B5}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEUpdate\wbengine.exe
FirewallRules: [{4630D2D5-EA4F-42F2-B3FE-0CDAB60AA9DC}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEUpdate\wbengine.exe
FirewallRules: [TCP Query User{CDCF8926-3D7B-439C-AD26-2172603B96E5}C:\programdata\windows genuine advantage\{0d8dd7ae-d27d-4064-8f48-67903da76096}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{0d8dd7ae-d27d-4064-8f48-67903da76096}\msiexec.exe
FirewallRules: [UDP Query User{E4B3A219-AFD9-4643-906E-9754766BC8A2}C:\programdata\windows genuine advantage\{0d8dd7ae-d27d-4064-8f48-67903da76096}\msiexec.exe] => (Block) C:\programdata\windows genuine advantage\{0d8dd7ae-d27d-4064-8f48-67903da76096}\msiexec.exe
FirewallRules: [TCP Query User{77862FCC-F4C4-42C0-BFFB-1716EE04E385}C:\users\marafi\appdata\local\temp\730d.tmp] => (Block) C:\users\marafi\appdata\local\temp\730d.tmp
FirewallRules: [UDP Query User{8687A59B-A969-443E-88FB-5611F6CE14B0}C:\users\marafi\appdata\local\temp\730d.tmp] => (Block) C:\users\marafi\appdata\local\temp\730d.tmp
FirewallRules: [{86257AD1-AF60-4CF0-AAAB-B45AD5FDFDEF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Faulty Device Manager Devices =============
 
Name: BHDrvx64
Description: BHDrvx64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BHDrvx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: IDSVia64
Description: IDSVia64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: IDSVia64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Norton Internet Security Settings Manager
Description: Norton Internet Security Settings Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ccSet_NIS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Symantec Real Time Storage Protection (PEL) x64
Description: Symantec Real Time Storage Protection (PEL) x64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SRTSPX
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Symantec Eraser Control driver
Description: Symantec Eraser Control driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: eeCtrl
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Symantec Iron Driver
Description: Symantec Iron Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SymIRON
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Symantec Network Security WFP Driver
Description: Symantec Network Security WFP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SymNetS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/14/2015 04:37:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/14/2015 07:25:38 AM) (Source: MsiInstaller) (EventID: 11402) (User: Marafi-VAIO)
Description: Product: iTunes -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.  System error 5.  Verify that you have sufficient access to that key, or contact your support personnel.
 
Error: (09/14/2015 07:15:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/13/2015 11:44:52 PM) (Source: MsiInstaller) (EventID: 11402) (User: Marafi-VAIO)
Description: Product: iTunes -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.  System error 5.  Verify that you have sufficient access to that key, or contact your support personnel.
 
Error: (09/13/2015 11:40:49 PM) (Source: MsiInstaller) (EventID: 11402) (User: Marafi-VAIO)
Description: Product: iTunes -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.  System error 5.  Verify that you have sufficient access to that key, or contact your support personnel.
 
Error: (09/13/2015 11:39:00 PM) (Source: MsiInstaller) (EventID: 11402) (User: Marafi-VAIO)
Description: Product: iTunes -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.  System error 5.  Verify that you have sufficient access to that key, or contact your support personnel.
 
Error: (09/13/2015 11:23:02 PM) (Source: MsiInstaller) (EventID: 11402) (User: Marafi-VAIO)
Description: Product: iTunes -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.  System error 5.  Verify that you have sufficient access to that key, or contact your support personnel.
 
Error: (09/13/2015 11:19:20 PM) (Source: MsiInstaller) (EventID: 11402) (User: Marafi-VAIO)
Description: Product: iTunes -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.  System error 5.  Verify that you have sufficient access to that key, or contact your support personnel.
 
Error: (09/13/2015 10:59:17 PM) (Source: MsiInstaller) (EventID: 11402) (User: Marafi-VAIO)
Description: Product: iTunes -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.  System error 5.  Verify that you have sufficient access to that key, or contact your support personnel.
 
Error: (09/13/2015 09:26:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(f4:37:b7:63:b7:[email protected]::f637:b7ff:fe63:b70b._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
 
System errors:
=============
Error: (09/14/2015 04:37:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
BHDrvx64
ccSet_NIS
eeCtrl
IDSVia64
SRTSPX
SymDS
SymEFA
SymIRON
SymNetS
 
Error: (09/14/2015 04:37:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Internet Security service failed to start due to the following error: 
%%2
 
Error: (09/14/2015 07:15:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
BHDrvx64
ccSet_NIS
eeCtrl
IDSVia64
SRTSPX
SymDS
SymEFA
SymIRON
SymNetS
 
Error: (09/14/2015 07:14:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Internet Security service failed to start due to the following error: 
%%2
 
Error: (09/14/2015 07:14:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:46:35 PM on ‎9/‎13/‎2015 was unexpected.
 
Error: (09/13/2015 11:03:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}
 
Error: (09/13/2015 10:31:40 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer CKI
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C4C11C69-2EFE-4DC8-9D9D-3AC1D5A954AA}.
The master browser is stopping or an election is being forced.
 
Error: (09/13/2015 09:23:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
BHDrvx64
ccSet_NIS
eeCtrl
IDSVia64
SRTSPX
SymDS
SymEFA
SymIRON
SymNetS
 
Error: (09/13/2015 09:23:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Internet Security service failed to start due to the following error: 
%%2
 
Error: (09/13/2015 09:23:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:45:50 PM on ‎9/‎13/‎2015 was unexpected.
 
 
Microsoft Office:
=========================
Error: (09/14/2015 04:37:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/14/2015 07:25:38 AM) (Source: MsiInstaller) (EventID: 11402) (User: Marafi-VAIO)
Description: Product: iTunes -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.  System error 5.  Verify that you have sufficient access to that key, or contact your support personnel. (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/14/2015 07:15:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/13/2015 11:44:52 PM) (Source: MsiInstaller) (EventID: 11402) (User: Marafi-VAIO)
Description: Product: iTunes -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.  System error 5.  Verify that you have sufficient access to that key, or contact your support personnel. (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/13/2015 11:40:49 PM) (Source: MsiInstaller) (EventID: 11402) (User: Marafi-VAIO)
Description: Product: iTunes -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.  System error 5.  Verify that you have sufficient access to that key, or contact your support personnel. (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/13/2015 11:39:00 PM) (Source: MsiInstaller) (EventID: 11402) (User: Marafi-VAIO)
Description: Product: iTunes -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.  System error 5.  Verify that you have sufficient access to that key, or contact your support personnel. (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/13/2015 11:23:02 PM) (Source: MsiInstaller) (EventID: 11402) (User: Marafi-VAIO)
Description: Product: iTunes -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.  System error 5.  Verify that you have sufficient access to that key, or contact your support personnel. (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/13/2015 11:19:20 PM) (Source: MsiInstaller) (EventID: 11402) (User: Marafi-VAIO)
Description: Product: iTunes -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.  System error 5.  Verify that you have sufficient access to that key, or contact your support personnel. (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/13/2015 10:59:17 PM) (Source: MsiInstaller) (EventID: 11402) (User: Marafi-VAIO)
Description: Product: iTunes -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.  System error 5.  Verify that you have sufficient access to that key, or contact your support personnel. (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/13/2015 09:26:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(f4:37:b7:63:b7:[email protected]::f637:b7ff:fe63:b70b._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 90%
Total physical RAM: 4043.86 MB
Available physical RAM: 375.04 MB
Total Virtual: 8087.72 MB
Available Virtual: 3028.72 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:584.91 GB) (Free:481.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 5F25FE2A)
Partition 1: (Not Active) - (Size=11.2 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=584.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, unfortunately the encrypted files are now lost. However, music from Amazon and iTunes should be re-downloadable. I notice that you have Google picture backup, so mayhap the pictures are safe there.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-1279953243-2969467477-3499177574-1005\...\RunOnce: [CryptoUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Marafi\AppData\Roaming\Microsoft\Crypto\RSA\cert_v180_0.tpl"
HKU\S-1-5-18\...\Run: [UfobWifwo] => regsvr32.exe "C:\ProgramData\UfobWifwo\UfobWifwo.dat"
HKU\S-1-5-18\...\Run: [wbengine] => C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEUpdate\wbengine.exe [132096 2012-11-30] ()
HKU\S-1-5-18\...\Run: [gphuntu] => rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\gphuntu.dll",gphuntu <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [wbengine] => C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEUpdate\wbengine.exe [132096 2012-11-30] ()
HKU\S-1-5-18\...\RunOnce: [*8fbca] => C:\08fbca1\08fbca1.exe [195072 2014-08-25] (NirSoft)
HKU\S-1-5-18\...\RunOnce: [*8fbca1] => C:\Windows\system32\config\systemprofile\AppData\Roaming\08fbca1.exe
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe [699400 2013-01-08] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\RunOnce: [*6131fe2] => C:\Windows\syswow64\regsvr32.exe C:\Windows\system32\config\SYSTEM~1\AppData\Roaming\86131fe2.dll
HKU\S-1-5-18\...\RunOnce: [*6131fe] => C:\Windows\syswow64\regsvr32.exe C:\86131fe2\86131fe2.dll
HKU\S-1-5-18\...A8F59079A8D5}\localserver32: <==== ATTENTION
HKU\S-1-5-21-1279953243-2969467477-3499177574-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?l=dis&o=APN10379&gct=hp
SearchScopes: HKU\S-1-5-21-1279953243-2969467477-3499177574-1005 -> {2BE46347-6D8A-4921-B4AD-23BB4AFFD2BB} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=OVO2&o=APN10379&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABE&apn_dtid=^YYYYYY^YY^US&apn_uid=0d16b19c-a9be-496d-a4d7-ea8dce410d49&apn_sauid=AB6C9EB5-26F0-494C-A549-9B00D8E5BF75
BHO: Oovoo Toolbar -> {4F564F32-5637-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7\Passport_x64.dll [2015-08-21] (APN LLC.)
BHO-x32: No Name -> {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} -> No File
BHO-x32: Oovoo Toolbar -> {4F564F32-5637-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7\Passport.dll [2015-08-21] (APN LLC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL No File
Toolbar: HKLM - Oovoo Toolbar - {4F564F32-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7\Passport_x64.dll [2015-08-21] (APN LLC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll No File
Toolbar: HKLM-x32 - Oovoo Toolbar - {4F564F32-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7\Passport.dll [2015-08-21] (APN LLC.)
Toolbar: HKU\S-1-5-21-1279953243-2969467477-3499177574-1005 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1279953243-2969467477-3499177574-1005 -> Oovoo Toolbar - {4F564F32-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7\Passport_x64.dll [2015-08-21] (APN LLC.)
CHR Plugin: (Native Client) - C:\Users\Marafi\AppData\Local\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Marafi\AppData\Local\Google\Chrome\Application\45.0.2454.85\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Marafi\AppData\Local\Google\Chrome\Application\45.0.2454.85\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Marafi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll => No File
CHR Plugin: (Norton Confidential) - C:\Users\Marafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Update) - C:\Users\Marafi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR HKLM\...\Chrome\Extension: [aaaainelhcgoinheohbeolppeofibjlh] - C:\ProgramData\AskPartnerNetwork\Toolbar\OVO2V7\CRX\ToolbarCR.crx [2015-09-03]
CHR HKLM-x32\...\Chrome\Extension: [aaaainelhcgoinheohbeolppeofibjlh] - C:\ProgramData\AskPartnerNetwork\Toolbar\OVO2V7\CRX\ToolbarCR.crx [2015-09-03]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\Exts\Chrome.crx <not found>
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [201616 2015-08-21] (APN LLC.)
2015-09-13 23:32 - 2015-09-13 23:32 - 00002964 _____ C:\Windows\System32\Tasks\{FEC8F757-896F-4447-A7E2-55555E0426B1}
2015-09-13 23:05 - 2015-09-13 23:11 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-09-13 14:41 - 2015-09-13 14:41 - 00591696 _____ C:\Windows\system32\s000004.dat
2015-09-13 14:27 - 2015-09-14 17:06 - 00002946 _____ C:\Windows\System32\Tasks\CryptoUpdate
2015-09-13 14:27 - 2015-09-14 17:06 - 00000370 ____H C:\Windows\Tasks\CryptoUpdate.job
2015-09-07 23:36 - 2015-09-07 23:37 - 00080494 _____ C:\ProgramData\SMRResults501.dat
2015-09-07 18:47 - 2015-09-07 18:47 - 00000000 ____D C:\Program Files (x86)\GUM270F.tmp
2015-09-07 15:32 - 2015-09-07 15:36 - 6420480 _____ () C:\Program Files (x86)\GUT1832.tmp
2014-08-03 19:05 - 2014-11-06 23:03 - 0000004 _____ () C:\Users\Marafi\AppData\Roaming\1293003284
2014-08-03 19:05 - 2014-09-15 21:49 - 0000029 _____ () C:\Users\Marafi\AppData\Roaming\2271198803
2014-08-03 18:55 - 2014-11-06 19:18 - 0000004 _____ () C:\Users\Marafi\AppData\Roaming\2376157813
2014-08-03 18:55 - 2014-08-03 19:05 - 49308698 _____ () C:\Users\Marafi\AppData\Roaming\2683372670
2014-08-03 19:05 - 2014-11-06 21:21 - 0000004 _____ () C:\Users\Marafi\AppData\Roaming\3084334620
CustomCLSID: HKU\S-1-5-21-1279953243-2969467477-3499177574-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {0D9275BB-96A2-4FE5-B283-DAFBF91CF4D1} - \Norton Internet Security\Norton Error Processor -> No File <==== ATTENTION
Task: {1C3CF045-B046-4AF0-8E21-038704E867BB} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {74BDA38A-F1C0-4B5D-9CC2-BBBDC08D2E1C} - System32\Tasks\CryptoUpdate => C:\Users\Marafi\AppData\Roaming\Microsoft\Crypto\RSA\cert_v180_0.tpl [2015-09-13] ()
Task: {8CE52467-B625-4AC1-8965-ED3863731242} - \Norton Internet Security\Norton Error Analyzer -> No File <==== ATTENTION
C:\ProgramData\UfobWifwo
C:\Users\Marafi\AppData\Roaming\Microsoft\Crypto\RSA\cert_v180_0.tpl
C:\Windows\system32\config\systemprofile\AppData\Local\gphuntu.dll
C:\08fbca1\08fbca1.exe
C:\Windows\system32\config\systemprofile\AppData\Roaming\08fbca1.exe
C:\Windows\system32\config\SYSTEM~1\AppData\Roaming\86131fe2.dll
C:\86131fe2\86131fe2.dll
C:\Program Files (x86)\AskPartnerNetwork
CMD: del /F /Q /S "C:\HELP_DECRYPT.txt"
CMD: del /F /Q /S "C:\HELP_DECRYPT.HTML"
CMD: del /F /Q /S "C:\HELP_DECRYPT.PNG"
CMD: del /F /Q /S "C:\HELP_DECRYPT.URL"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.
FINALLY

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

    • When finished, it shall produce a log for you.
    • Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


    Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now


#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

