Files encrypted by trojan


One of those pesky emails containing a trojan found its way through and an uninformed person opened it - with disastrous results.

I managed to get the infection off manually, as yesterday no AV software could detect this trojan (as per VirusTotal), but definitions have since been released.

 

With that crisis averted I noticed that any type of document, text or image file had .ahevfzf appended to the file name (for example .document.docx.ahevfzf).

Renaming the file back only produces an invalid file error in the related program.

I'm pretty sure the files are encrypted and I need help with getting this undone.

I have backups of some of the files because only last week the other backup HDD failed so I'm stuck with a few thousand files not backed up.

 

I have the VirusTotal result of one of the files downloaded by the trojan:

https://www.virustotal.com/en/file/854a5983cbbee08ee7200c5fc7451f0d6298262ab87727281f474453a4f617ca/analysis/

 

I have attached a zip containing the attachment opened as well as all related files installed by this.

The other zip contains an example of the encrypted file.

 

Any help would be appreciated.

 

 

Sample of encrypted file.zip

Virus sample.zip


Hello Axis_Crusher, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
The files have been encrypted by CTB Locker. Unfortunately, there is no method to brute force decryption of files encrypted by this infection.
 
You have a few options which may or may not work. 
I'm afraid there are no guarantees here. You may be lucky and end with a successful result, or you may be unlucky. 
 
CTB Locker is supposed to delete Shadow Volume Copies, so the first two options have low success rate with this infection. 
 
Let me know how you get on. 

Previous Versions

  • Right-click the file/folder and click Properties.
  • Click Previous Versions.
  • This tab will list all copies of the file and the date they were backed up.
  • To restore a particular version of the file, click Copy and select the directory you wish to restore the file to.
  • If you wish to restore the selected file and replace the existing one, click Restore.
  • If you wish to view the contents of the file before restoring, click Open.
     

ShadowExplorer

  • Please download ShadowExplorer and save the file to your Desktop.
  • Right-Click ShadowExplorer-0.9-portable.zip and click Extract All. Select your Desktop and click Extract.
  • Right-Click ShadowExplorer.exe and select Run as administrator to run the programme.
  • You will see a drop-down menu with the shadow copies of all partitions and disks present.
  • Click C:\ from the drop-down menu.
  • To the right, pick a date prior to the infection from the drop-down menu.
  • To restore a whole folder, right-click on your desired folder and click Export. You will then be prompted as to where you would like to restore the contents of the folder to.
     

File Recovery Software
File Recovery Software may be able to recover the original file deleted by the infection. Please bear in mind, the more you use the machine after the files are encrypted, the harder it will be for the recovery software to recover your files.


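An added example, not part of the original posts: after exporting folders with ShadowExplorer as described above, this script lists every file carrying the appended `.ahevfzf` extension and reports whether a usable copy exists in the export folder. The folder layout (export mirrors the original tree), the function names and the small file-signature table are assumptions made for illustration.

```python
from pathlib import Path
import tempfile

RANSOM_EXT = ".ahevfzf"  # extension reported in the first post of this thread

# Well-known leading bytes for a few formats (illustrative table, extend as needed).
MAGIC = {
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
    ".pdf": b"%PDF",
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
}


def original_name(path):
    """Return the name without the appended extension, or None if not affected."""
    name = path.name
    if name.lower().endswith(RANSOM_EXT) and len(name) > len(RANSOM_EXT):
        return name[: -len(RANSOM_EXT)]
    return None


def header_ok(path):
    """True/False when the header matches/mismatches; None for unknown types.

    This only checks the first bytes, so it catches a copy that is still
    encrypted but does not prove the whole file is intact.
    """
    magic = MAGIC.get(path.suffix.lower())
    if magic is None:
        return None
    with path.open("rb") as fh:
        return fh.read(len(magic)) == magic


def triage(affected_root, restored_root):
    """Map each affected file (relative path, original name) to a status."""
    labels = {True: "restored", False: "restored-bad-header",
              None: "restored-unverified"}
    report = {}
    for enc in sorted(Path(affected_root).rglob("*")):
        if not enc.is_file():
            continue
        orig = original_name(enc)
        if orig is None:
            continue  # file was not renamed by the infection
        rel = enc.relative_to(affected_root).with_name(orig)
        candidate = Path(restored_root) / rel
        if candidate.is_file():
            report[rel.as_posix()] = labels[header_ok(candidate)]
        else:
            report[rel.as_posix()] = "missing"
    return report


def demo():
    """Build a small constructed tree and return its triage report."""
    with tempfile.TemporaryDirectory() as tmp:
        affected, restored = Path(tmp, "affected"), Path(tmp, "restored")
        junk = bytes(range(16))  # constructed stand-in for encrypted content
        for rel in ("docs/report.docx", "docs/photo.jpg",
                    "notes.txt", "share/budget.xlsx"):
            enc = affected / (rel + RANSOM_EXT)
            enc.parent.mkdir(parents=True, exist_ok=True)
            enc.write_bytes(junk)
        (affected / "untouched.pdf").write_bytes(b"%PDF-1.4\n")

        (restored / "docs").mkdir(parents=True)
        (restored / "docs/report.docx").write_bytes(b"PK\x03\x04rest-of-archive")
        (restored / "docs/photo.jpg").write_bytes(junk)  # copy is not a JPEG
        (restored / "notes.txt").write_bytes(b"plain text\n")
        # share/budget.xlsx has no restored copy at all
        return triage(affected, restored)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:20} {name}")
```

Files reported as `missing` or `restored-bad-header` are the ones still needing another source, such as an older backup or file recovery software.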
Thank you for the response.

 

You are welcome to call me by my name which is Ruben.

 

I feared it was something in the line of CryptoLocker or CTB Locker.

I switched off the system within 3 minutes of infection and booted it up in Safe Mode.

It did however encrypt 80% of all documents on this PC and 40% on the network shares.

 

Please allow me a little while to do this and I'll post back the results. I am in the time zone of GMT+2 so I expect us to have some form of delay in our responses.


Hi Ruben, 
 

I feared it was something in the line of CryptoLocker

CryptoLocker has been dead for some time. Unfortunately, due to the lucrative nature of this type of malware, the number of file-encrypting ransomware infections continues to increase. 
 

40% on the network shares.

Most data recovery tools are unable to recover data over a network, so I don't imagine you will have a successful result with this I'm afraid. 
 

Please allow me a little while to do this and I'll post back the results.

That's quite alright.


Good day Adam.

 

Thanks for all the tips you gave.

 

I managed to retrieve all encrypted files on the PC that started the infection.

ShadowExplorer worked like a charm.

 

Unfortunately the network share folder did not yield any results - and this was where the really important files were stored.

I had a backup of this folder but as Murphy's law would have it the external hard drive used for backups failed last week.

 

Anyways I'm sure I cleaned out the infection on this PC but I would like to make sure since these things sometimes come with rootkits.

Reinfection is not an option right now.


Ok so I did a lot more digging and 2 things came up.

 

I attached 2 images of significant importance.

 

"Decrypt All Files ahevfzf.bmp" is a bitmap I found that contains the message the trojan was supposed to display after its code executed. It has the access code for the server.

 

Secondly "Interesting.jpg" is a screenshot of a laptop. The laptop's name is lachies.

The folders displayed on the left and right are the exact same folder at the exact same time.

The screenshot is taken on a dual monitor setup with both screens next to each other.

Left is me opening the folder directly on the HDD and on the right is the same folder opened by using \\lachies and opening this particular folder.

How can the same folder appear fine if accessed directly but encrypted when opened through the network?


Decrypt All Files ahevfzf.bmp


Hello Ruben, 
 

I managed to retrieve all encrypted files on the PC that started the infection.
ShadowExplorer worked like a charm.

I'm very pleased to hear. 
 

"Decrypt All Files ahevfzf.bmp" is a bitmap I found that contains the message the trojan was supposed to display after its code executed.

Yes, this file is dropped on each machine infected by CTB Locker. 
 

How can the same folder appear fine if accessed directly but encrypted when opened through the network?

I don't know enough about the encryption process over networks to answer this I'm afraid. 
You may wish to try asking in the public discussion at BleepingComputer: 
http://www.bleepingcomputer.com/forums/t/542564/ctb-locker-or-decryptallfilestxt-encrypting-ransomware-sets-extension-to-ctbl/page-4
 
Would you like me to double-check the machine for malware?


Hi Ruben, 
 
Please do the following on the infected machine. 
 
STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 3
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM scan log
  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached!)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015/01/23
Scan Time: 02:41:11 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.23.04
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Tiger Mbeje

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320199
Time Elapsed: 29 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by Tiger Mbeje (administrator) on TIGER-NB on 23-01-2015 15:34:24
Running from C:\Users\Tiger Mbeje\Desktop
Loaded Profiles: Tiger Mbeje (Available profiles: Tiger Mbeje)
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
(Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Sage South Africa (Pty) Ltd) C:\Users\Tiger Mbeje\AppData\Local\Sage Connected Services\SageCSClient.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe
(CyberLink) C:\Program Files\CyberLink\YouCam\YCMMirage.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Samsung Electronics) C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1770792 2010-05-21] (Synaptics Incorporated)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1225944 2014-03-25] (COMODO)
HKU\S-1-5-21-1071587099-215772683-3659497779-1001\...\Run: [Payroll Notification Service] => C:\Users\Tiger Mbeje\AppData\Local\Sage Connected Services\SageCSClient.exe [960600 2014-06-02] (Sage South Africa (Pty) Ltd)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2014-11-27] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1071587099-215772683-3659497779-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
URLSearchHook: HKU\S-1-5-21-1071587099-215772683-3659497779-1001 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll No File
SearchScopes: HKLM -> DefaultScope {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^man000^YYA^&ptb=310781B1-5474-4672-B761-92FCA173BB67&ind=2014102309&n=780cc325&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^man000^YYA^&ptb=310781B1-5474-4672-B761-92FCA173BB67&ind=2014102309&n=780cc325&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1071587099-215772683-3659497779-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1071587099-215772683-3659497779-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1071587099-215772683-3659497779-1001 -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^man000^YYA^&ptb=310781B1-5474-4672-B761-92FCA173BB67&ind=2014102309&n=780cc325&psa=&st=sb&searchfor={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.169
Tcpip\..\Interfaces\{83077DA8-973F-4B42-BBBE-F00D1B34F3CE}: [NameServer] 172.16.1.5

FireFox:
========
FF ProfilePath: C:\Users\Tiger Mbeje\AppData\Roaming\Mozilla\Firefox\Profiles\8zeg9h9h.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @OnlineMapFinder_9p.com/Plugin -> C:\Program Files\OnlineMapFinder_9p\bar\1.bin\NP9pStub.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-29]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-25] (COMODO)
S3 GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [246520 2010-06-03] (WildTangent, Inc.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2057560 2010-06-01] (Symantec Corporation)
R2 psqlWGE; C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435488 2009-11-17] (Pervasive Software Inc.)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTWAMPFL; C:\windows\System32\DRIVERS\btwampfl.sys [300584 2010-09-21] (Broadcom Corporation.)
R1 cmderd; C:\windows\System32\DRIVERS\cmderd.sys [20072 2014-04-16] (COMODO)
R1 cmdGuard; C:\windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-16] (COMODO)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 15:33 - 2015-01-23 15:35 - 00010223 _____ () C:\Users\Tiger Mbeje\Desktop\FRST.txt
2015-01-23 15:33 - 2015-01-23 15:34 - 00000000 ____D () C:\FRST
2015-01-23 15:33 - 2015-01-23 15:32 - 01118208 _____ (Farbar) C:\Users\Tiger Mbeje\Desktop\FRST.exe
2015-01-23 15:32 - 2015-01-23 15:32 - 01118208 _____ (Farbar) C:\Users\Tiger Mbeje\Downloads\FRST.exe
2015-01-22 15:11 - 2015-01-22 15:13 - 00000000 ____D () C:\Users\Tiger Mbeje\Documents\Visual Studio 2005
2015-01-22 14:29 - 2015-01-22 15:59 - 01661102 _____ () C:\Users\Tiger Mbeje\Desktop\bitco for tyga.xlsx
2015-01-22 14:28 - 2015-01-22 14:29 - 00001759 _____ () C:\Users\Tiger Mbeje\Desktop\bitco for tyga.csv
2015-01-22 13:55 - 2015-01-22 13:55 - 00000000 ____D () C:\Users\Tiger Mbeje\Desktop\Telephone Bill For 2014-2015
2015-01-21 14:33 - 2015-01-21 14:33 - 00000000 ____D () C:\Users\Tiger Mbeje\AppData\Roaming\www.shadowexplorer.com
2015-01-19 16:38 - 2015-01-23 14:41 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 16:38 - 2015-01-19 16:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-19 16:33 - 2015-01-19 16:33 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-19 16:33 - 2015-01-19 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-19 16:33 - 2015-01-19 16:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-19 16:33 - 2015-01-19 16:33 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-19 16:33 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-19 16:33 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-19 16:33 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-19 08:23 - 2015-01-19 14:14 - 03584738 _____ () C:\ProgramData\akxnlbd.html
2015-01-14 14:37 - 2015-01-14 14:37 - 00000269 _____ () C:\windows\pvsw.log
2015-01-14 14:36 - 2014-12-19 04:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 14:36 - 2014-12-12 07:11 - 03971512 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-01-14 14:36 - 2014-12-12 07:11 - 03916728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 14:36 - 2014-12-11 19:47 - 00046592 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 14:35 - 2014-12-19 03:34 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 14:35 - 2014-12-06 05:50 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 11:03 - 2015-01-14 11:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-12 16:34 - 2015-01-12 16:34 - 00000000 ____D () C:\Users\Tiger Mbeje\AppData\Local\Sage_South_Africa
2015-01-09 16:29 - 2015-01-09 16:29 - 00000000 ____D () C:\Program Files\Common Files\BIGenerator
2015-01-09 16:29 - 2015-01-09 16:29 - 00000000 ____D () C:\Program Files\Common Files\BIExcelFunctions1.1
2015-01-09 16:29 - 2015-01-09 16:29 - 00000000 ____D () C:\Program Files\Common Files\BIComponentsDotNet
2015-01-09 16:28 - 2015-01-09 16:28 - 00002671 _____ () C:\Users\Public\Desktop\Point Of Sale for Accounting V14.lnk
2015-01-09 16:26 - 2015-01-09 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage Pastel
2015-01-09 16:26 - 2015-01-09 16:26 - 00002671 _____ () C:\Users\Public\Desktop\Accounting Partner V14.lnk
2015-01-09 16:25 - 2015-01-22 16:59 - 00000000 ____D () C:\Pastel14
2015-01-09 16:25 - 2015-01-09 16:25 - 00000000 ____D () C:\Program Files\Softline Pastel
2015-01-09 16:25 - 2015-01-09 16:25 - 00000000 ____D () C:\Program Files\Common Files\Tidestone
2015-01-09 16:25 - 2015-01-09 16:25 - 00000000 ____D () C:\Program Files\Common Files\Softline Pastel
2015-01-09 16:25 - 2015-01-09 16:25 - 00000000 ____D () C:\Program Files\Common Files\Sage Pastel
2015-01-09 16:25 - 2015-01-09 16:25 - 00000000 ____D () C:\Program Files\Common Files\MSSoap
2015-01-09 16:25 - 2015-01-09 16:25 - 00000000 ____D () C:\Program Files\Common Files\Data Dynamics
2015-01-09 16:25 - 2015-01-09 16:25 - 00000000 ____D () C:\Binaries
2015-01-09 15:42 - 2015-01-09 15:42 - 00000495 _____ () C:\windows\ODBCINST.INI
2015-01-09 15:42 - 2015-01-09 15:42 - 00000000 ____D () C:\ProgramData\Pervasive Software
2015-01-09 15:42 - 2015-01-09 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pervasive
2015-01-09 15:42 - 2015-01-09 15:42 - 00000000 ____D () C:\Program Files\Pervasive Software
2015-01-09 15:39 - 2015-01-09 15:39 - 00000000 ____D () C:\Users\Tiger Mbeje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sage Connected Services
2015-01-09 15:39 - 2015-01-09 15:39 - 00000000 ____D () C:\Users\Tiger Mbeje\AppData\Local\Sage Connected Services
2015-01-09 15:38 - 2015-01-09 15:38 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2015-01-09 15:35 - 2015-01-09 15:38 - 00000000 ____D () C:\ProgramData\Sage Installations
2015-01-09 14:31 - 2015-01-22 16:53 - 00000000 ____D () C:\Users\Tiger Mbeje\Desktop\Pastel Partner 14 CD
2015-01-06 15:14 - 2015-01-06 15:32 - 00000000 ____D () C:\Users\Tiger Mbeje\Desktop\slow jam
2015-01-06 13:34 - 2015-01-06 15:58 - 00001971 _____ () C:\Users\Tiger Mbeje\Desktop\_usr_WebSphere_AppServer_profiles_waspn05a_installedApps_pdmap1aCell01_BusinessIntegrator.ear_BusinessIntegratorWeb.war_cfocus_df_267330101420544074.asc
2015-01-06 10:50 - 2015-01-06 10:50 - 01117515 _____ () C:\Users\Tiger Mbeje\Desktop\BITCO TEXT.xlsx
2015-01-06 08:52 - 2015-01-06 08:52 - 00011383 _____ () C:\Users\Tiger Mbeje\Desktop\Book1.xlsx
2015-01-05 16:43 - 2015-01-06 10:48 - 00859158 _____ () C:\Users\Tiger Mbeje\Desktop\DEC'14 PHONE BILL.xlsx
2015-01-05 16:15 - 2015-01-05 16:50 - 00945963 _____ () C:\Users\Tiger Mbeje\Downloads\All-calls-by-account-code(4).csv
2014-12-26 17:45 - 2014-12-26 17:45 - 00000000 ____D () C:\Users\Tiger Mbeje\Documents\Fax

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 15:34 - 2010-12-29 07:22 - 01061682 _____ () C:\windows\WindowsUpdate.log
2015-01-23 15:33 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-23 15:33 - 2009-07-14 06:34 - 00014512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-23 15:30 - 2014-10-22 13:18 - 00120600 _____ () C:\Users\Tiger Mbeje\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-23 15:28 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-23 15:28 - 2009-07-14 06:39 - 00053720 _____ () C:\windows\setupact.log
2015-01-23 15:27 - 2014-10-06 15:38 - 01474832 _____ () C:\windows\system32\Drivers\sfi.dat
2015-01-23 15:27 - 2010-12-29 08:10 - 00939160 _____ () C:\windows\PFRO.log
2015-01-23 15:27 - 2009-07-14 06:33 - 00468560 _____ () C:\windows\system32\FNTCACHE.DAT
2015-01-23 15:21 - 2014-10-06 15:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-23 15:20 - 2014-10-06 15:31 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-23 15:19 - 2014-10-06 15:50 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-01-23 15:19 - 2010-12-29 08:13 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-23 15:19 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-23 15:18 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\MSBuild
2015-01-23 14:46 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-23 14:46 - 2009-07-14 04:04 - 00000387 _____ () C:\windows\win.ini
2015-01-23 14:20 - 2014-10-06 15:31 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-01-23 14:20 - 2014-10-06 15:31 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-22 17:23 - 2014-12-05 14:10 - 00000000 ____D () C:\Users\Tiger Mbeje\Desktop\New folder
2015-01-22 17:23 - 2014-10-22 14:11 - 00000000 ____D () C:\Users\Tiger Mbeje\Desktop\NEW COMM
2015-01-22 16:57 - 2014-10-22 14:34 - 00000000 ____D () C:\Users\Tiger Mbeje\Desktop\winsms
2015-01-22 16:55 - 2014-10-22 14:34 - 00000000 ____D () C:\Users\Tiger Mbeje\Desktop\VAT CALC
2015-01-22 16:55 - 2014-10-22 13:29 - 00000000 ____D () C:\Users\Tiger Mbeje\Desktop\EQUIPMENT LIST
2015-01-22 16:50 - 2014-11-13 13:44 - 00000000 ____D () C:\Users\Tiger Mbeje\Desktop\DYAN
2015-01-22 16:50 - 2014-11-13 13:41 - 00000000 ____D () C:\Users\Tiger Mbeje\Desktop\PHONE BILL
2015-01-22 16:50 - 2014-11-05 09:51 - 00000000 ____D () C:\Users\Tiger Mbeje\Desktop\payments
2015-01-22 16:50 - 2014-10-22 14:54 - 00000000 ____D () C:\Users\Tiger Mbeje\Documents\Outlook Files
2015-01-22 15:12 - 2014-10-23 08:23 - 00000000 ____D () C:\Users\Tiger Mbeje\AppData\Local\Microsoft Help
2015-01-22 13:54 - 2014-10-22 13:30 - 00000000 ____D () C:\Users\Tiger Mbeje\Desktop\MY STUFF
2015-01-20 09:34 - 2010-12-29 08:24 - 00000000 ____D () C:\windows\fi
2015-01-20 08:29 - 2010-12-29 08:24 - 00000000 ____D () C:\windows\hr
2015-01-19 16:30 - 2009-07-26 22:06 - 00790276 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-19 14:13 - 2014-11-05 12:35 - 00000000 ____D () C:\Users\Tiger Mbeje\AppData\Local\CrashDumps
2015-01-19 08:18 - 2014-10-06 15:35 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-15 17:55 - 2014-08-21 14:01 - 00000000 ____D () C:\Users\Tiger Mbeje\Desktop\ott folder
2015-01-14 13:06 - 2014-10-06 15:35 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-09 15:42 - 2009-07-14 04:04 - 00002636 _____ () C:\windows\system32\config.nt
2015-01-09 15:38 - 2010-12-29 08:24 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-01-08 09:55 - 2014-10-22 13:57 - 00249488 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-01-03 11:49 - 2010-12-29 07:45 - 00000000 ____D () C:\ProgramData\WildTangent

==================== Files in the root of some directories =======
2015-01-19 08:23 - 2015-01-19 14:14 - 3584738 _____ () C:\ProgramData\akxnlbd.html
2010-12-29 07:30 - 2010-12-29 07:31 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-12-29 07:24 - 2010-12-29 07:25 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2010-12-29 07:28 - 2010-12-29 07:28 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-12-29 07:25 - 2010-12-29 07:27 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2010-12-29 07:29 - 2010-12-29 07:30 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Some content of TEMP:
====================
C:\Users\Tiger Mbeje\AppData\Local\Temp\instloffer.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 13:01

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by Tiger Mbeje at 2015-01-23 15:36:19
Running from C:\Users\Tiger Mbeje\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Messenger“ pagalbinė priemonė (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Essentials“ (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (Version: 2.2.0.82 - WildTangent) Hidden
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
BatteryLifeExtender (HKLM\...\{EA257ECF-5F72-4461-B890-959394DCD087}) (Version: 1.0.10 - Samsung)
Bejeweled 2 Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
Build-a-lot (Version: 2.2.0.82 - WildTangent) Hidden
Chuzzle Deluxe (Version: 2.2.0.82 - WildTangent) Hidden
COMODO Antivirus (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
Complément Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
CyberLink Media Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.82 - WildTangent) Hidden
Doplnok programu Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Easy Content Share (HKLM\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0.0.5 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{FCF2085E-ABE5-4AA8-B07C-65BBD56DA243}) (Version: 4.4.6 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung)
Farm Frenzy (Version: 2.2.0.82 - WildTangent) Hidden
Fast Start (HKLM\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG)
Fotogalerija Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Insaniquarium Deluxe (Version: 2.2.0.82 - WildTangent) Hidden
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
John Deere Drive Green (Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 10.7.1 (HKLM\...\KLiteCodecPack_is1) (Version: 10.7.1 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Assistent (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger kísérő (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Pratilac (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Suradnik (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 사이트 공유 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 浏览器插件 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger-kumppani (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Color Enhancer (HKLM\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Mozilla Firefox 35.0 (x86 en-ZA) (HKLM\...\Mozilla Firefox 35.0 (x86 en-ZA)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Online Backup (HKLM\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Outlook Spy (32 bit) (HKLM\...\{0982A84C-005A-45CA-9BAC-F11129D34DAC}) (Version: 3.3.2487 - Advanced Messaging Systems LLC)
Peggle (Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (Version: 2.2.0.82 - WildTangent) Hidden
Pervasive PSQL v10 SP3 Workgroup (32-bit) (HKLM\...\Pervasive PSQL v10 SP3 Workgroup (32-bit)) (Version: 10.30.024 - Pervasive Software)
Pervasive PSQL v10 SP3 Workgroup (32-bit) (Version: 10.30.024 - Pervasive Software) Hidden
Plants vs. Zombies (Version: 2.2.0.82 - WildTangent) Hidden
Poczta usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (Version: 2.2.0.82 - WildTangent) Hidden
Pomocnik Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.33.1125.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Sage Connected Services (HKLM\...\{235821F2-813F-49A2-8C4E-1A516396E423}) (Version: 2.0.68 - Sage South Africa)
Sage Intelligence for Sage Pastel Accounting Partner V14 (HKLM\...\{7A829B8D-03CF-4A51-B662-8DEC2DF61DD8}) (Version: 1.0.4 - Sage Pastel)
Sage Pastel Accounting Partner Version 14 (HKLM\...\{C973382F-DF7F-452A-B1DC-D8692BEF8BD3}) (Version: 1.0.8 - Sage Pastel)
Sage Pastel Accounting Version 14 Help (HKLM\...\{A3BEEDA8-62DA-4C6B-BECA-C7A8748A1C17}) (Version: 1.0.3 - Sage Pastel)
Sage Pastel Point of Sale Version 14 (HKLM\...\{23BC90A8-3048-4E55-BF8E-FA827A790D60}) (Version: 1.0.4 - Sage Pastel)
Samsung AnyWeb Print (HKLM\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.21.0 - Samsung Electronics Co., Ltd.)
Samsung AnyWeb Print (Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 5 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.8 - Samsung)
Samsung Support Center (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.21 - Samsung)
Samsung Universal Print Driver (HKLM\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM\...\Samsung Universal Scan Driver) (Version: 1.2.1.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spremljevalec Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
SRS Premium Sound Control Panel (HKLM\...\{2998191E-A35E-47E2-BE38-7702C731D722}) (Version: 1.10.1000 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.22.0 - Synaptics Incorporated)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7000 - Broadcom Corporation)
WildTangent Games (HKLM\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (Version:  - WildTangent) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Youtube Downloader HD v. 2.9.9.14 (HKLM\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
Zuma Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Компаньон Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Помощник на Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{010133B6-88E0-303C-B3B8-3C7C7C2F9031}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{03E16FB5-1B8C-3CE4-9B0A-36179CBE1203}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{06CA8A10-8962-3B8E-8079-328F4F9B9E41}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{06F01A4F-0C75-3984-9C97-E8268A4F0118}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{07972DF4-D24D-393F-973A-A6331D54120A}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{08694AEB-6C9C-30BE-868C-24BA6ED9E20A}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{097DA91E-DBAC-30B5-A804-663869E60AEA}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{0D69D0E7-3F11-3FA9-88A1-C12DBB5C45A8}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{0EFDC7EE-DA0E-30FC-A518-B5D332D79793}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{0F1D8B97-AFB4-3B5D-9C59-94A471DC55BC}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{1C4541D5-1A92-3DAA-888D-09C88D467004}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{1E3134F7-11AD-3772-9780-A8B700B7125A}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{1E66C524-1E43-3259-8064-F42A09260B52}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{1ED8250E-B889-3238-A508-D40EA9B4B28F}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{1F216016-2424-37BA-AC52-2A9C266827DA}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{1F669979-5979-311E-BAA9-203E9CCCE21E}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{1F669AC7-2328-3CEC-8CCF-547262858B3D}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{215B6350-90E6-3FD2-B2CB-180FA08A4E59}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{29082DCB-942A-3AB6-902E-EE6E94678679}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{2C1EF75A-9584-394A-947C-2F7219E6868B}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{2FE873F9-1D18-3FE2-B582-9165FDC4710C}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{33151AAE-DE5F-326D-BF7E-74297C74CBE4}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{34C0AF40-F3D4-3EC6-B37A-5FA0055B7DCA}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{36B2A81F-DFE4-3A79-9AB7-07FF6B5DC30E}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{39C2A08E-39B2-3625-8FFC-B448929675D1}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{3B948286-30D4-34CB-900E-F6270B527A13}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{3C5BDCF6-6CB9-30BB-BEC4-95B9566EF355}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{41D941AC-C396-3CAF-A829-45DCF3226140}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{429E1B86-5E11-38DB-8B00-A84DBFCD3157}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{43436507-2C93-32DB-BF21-28E12BDB35FF}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{43A62790-CED0-3627-9DE4-1B4F97A45C43}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{4754665A-8C26-3CDF-BEC9-C6C17CB5BE7D}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{4855B9AB-BBAD-3D81-BD2B-1131583673BA}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{49F1FA4D-53A6-3313-8E1A-B16A1A081475}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{4CF1C0F9-24A1-32F7-B9D6-00C829046B6D}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{4D456D92-D45B-3922-B3D5-545805082D58}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{4F431A4F-3FE4-3C3A-83D7-892CC71CD6DF}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{5119A4B4-99EB-3FCB-A194-E0905B222826}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{58D0F896-28E5-3843-907D-4CEF2C3FD208}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{5939E436-39A6-384F-98FB-E65F4148B150}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{5A215D3C-DBA7-3A82-8D03-630476D2FEF1}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{5A3EA8EA-832B-3FC2-9072-89DB736F0E4B}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{5B156E45-B5A7-3C30-86D9-CF31FFF8CCB1}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{635D9C87-619A-3A05-8F25-814A9496E2C1}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{6d010537-9e99-400b-b652-b0d5a5757e5d}\InprocServer32 -> C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll No File
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{6E2D781B-3324-3773-B059-D6E09642F313}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{6ECADFBC-3634-3353-960F-6BEF788A78F3}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{6F2BF7B7-634D-3100-B4A5-5CFB55CB7F73}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{701E07DE-3CB7-3606-A4B7-074CEC0D47B3}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{704E6EE5-812B-3242-BB52-FA7635CD885B}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{73628C36-5415-3328-9FC8-6599AF15CF77}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{7A8856F5-D157-32F9-8AF4-733F2262C81B}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{7BDA9932-515C-36C6-953B-A5C4772EC975}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{7CC5D4C6-1A1D-3AE3-988E-03AD58DB8F38}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{812336E3-732E-36BD-833C-20D392F0F189}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{843B55D1-A6F7-3DB0-AEDE-43038E98FE14}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{8A3CAE88-2BCE-3FA2-9888-2BA11779706C}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{8B4E4121-29BF-3803-A3C7-41293DCA4FCF}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{8C7B52E2-D3DA-3361-B076-59C0B8CAEE1E}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{8F634293-FAC7-314E-9114-61F6C8A550A2}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{90839250-5588-34E9-9F64-C28A77A4A0C1}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{9139BAD0-7CFF-327F-87F2-7B7EE0CBDFA2}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{93DE2C21-C14A-3342-A34F-3D82F447D426}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{940CAF71-BF40-3479-AA34-9F86D88C35B3}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{967C5FD1-C2F2-30F8-8C12-F972A110EB6D}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{974EB5F2-292B-3ED4-9BBD-694705153B6D}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{979E3418-C84A-38DA-9C98-1BF0CD4CB76A}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{984B1067-CCEF-3F50-B625-E056C140BB4A}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{9B6CC6AD-13F7-36EF-9ED2-2D6183013FA5}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{9F2FAFC6-95B4-35A3-8FF7-CA3C8298445B}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{A7E42559-D50E-3349-8093-C65AAA0E22E0}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{A8844EC5-EB79-3E4F-9F49-B4F067C0ACF7}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{B067EF38-7330-3436-AFBB-5AB7FAC73258}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{B10B1B54-5768-3810-827B-850966A05FBE}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{B3A439D7-B086-3C54-A7EF-22A9572C0136}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{B3C84C18-0BFC-390B-9896-C28C49B7A805}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{B4585FC9-7D1E-366B-90B8-E41E5215A677}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{B90868B4-5206-3969-B614-509D19BB0653}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{BF850B34-C394-3891-AFC2-DFF8C13EECD7}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\TIGERM~1\AppData\Local\Temp\1f35d67C51.exe No File

==================== Restore Points  =========================

20-01-2015 09:45:26 Windows Update
23-01-2015 14:37:46 Removed Microsoft Office Enterprise 2007

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B595A54-6BC0-42C8-9DDF-07AB5C137A0B} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {26E00CFB-3928-4C08-8C86-B53AF9884C2B} - System32\Tasks\WifiManager => C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe [2010-11-28] (Samsung Electronics Co., Ltd.)
Task: {3079274B-15D7-4A50-962F-CE7182B03029} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-01] (Samsung Electronics. Co. Ltd.)
Task: {4222B9D0-DBB2-49CC-A3AE-B053057C32CD} - System32\Tasks\advSRS5 => C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC)
Task: {442E2C49-4664-4AA7-ADC2-8623DF6C5BD0} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-11-23] (SAMSUNG Electronics)
Task: {4D43F487-C487-4675-95B2-72B1CF27B75F} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {4D800EC1-6D42-4477-BBBB-676591ED891F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5356E2EB-4B59-4C39-9C3B-1AE8CD009BBE} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1071587099-215772683-3659497779-1001
Task: {5807D309-691B-4F80-86F6-A883EB93B73C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {59DDDFB5-8E1B-4AC2-BE98-CC4F590794B5} - System32\Tasks\MovieColorEnhancer => C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-08-19] (Samsung Electronics Co., Ltd.)
Task: {60F35CE4-4DEF-4744-A819-EA864C2FBBDC} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {7013DB38-2D20-4AAA-A413-CDCA3BC9C72A} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-11-28] (Samsung Electronics Co., Ltd.)
Task: {73E94230-F095-416F-B284-12FF27B95990} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {81071A86-B517-4449-B667-F249E4CD7F92} - System32\Tasks\EasySpeedUpManager => C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-01] (Samsung Electronics)
Task: {8AC54F2C-1413-48D0-800C-BF491D8E5400} - System32\Tasks\{35F65149-8B6A-4B20-AF96-BD0FDEC17A11} => pcalua.exe -a "C:\Users\Tiger Mbeje\Downloads\bongasetup.exe" -d "C:\Users\Tiger Mbeje\Downloads"
Task: {9C3E9B28-A405-42E5-B3F0-6DFC8F5B63D8} - System32\Tasks\MirageAgent => C:\Program Files\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
Task: {A1B50978-D846-453A-94B7-5243F33DCE2D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {A8B50169-CAF2-4AB3-A88E-3D7E45C60DAA} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {B74F0FF1-948A-447C-9C3E-3CC292A7A09E} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {CA479B70-0044-4908-B22D-6E32557A1A77} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel.exe [2010-11-29] (SRS Labs, Inc.)
Task: {E9C9A351-AE26-48FC-A7E5-5ED69324E8D5} - System32\Tasks\gtvryyb => C:\Users\TIGERM~1\AppData\Local\Temp\ktszqxf.exe <==== ATTENTION
Task: {ECB470BD-1B30-4652-ACA0-10821EDD4E16} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-23] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-12-02 08:37 - 2011-03-01 00:37 - 00180624 _____ () C:\windows\System32\Primomonnt.dll
2010-12-29 07:36 - 2008-06-05 01:53 - 00026624 _____ () C:\windows\System32\spd__l.dll
2010-12-29 07:27 - 2009-12-01 09:21 - 00244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2010-12-29 07:37 - 2010-04-21 01:45 - 00552960 _____ () C:\windows\system32\SnMinDrv.dll
2013-04-15 18:39 - 2013-04-15 18:39 - 00070352 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2010-12-29 07:35 - 2010-07-05 12:42 - 00203776 _____ () C:\Program Files\Samsung\Movie Color Enhancer\WinCRT.dll
2010-12-29 07:33 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2010-12-29 07:41 - 2010-05-07 16:22 - 01636864 _____ () C:\Program Files\Samsung\Samsung Recovery Solution 5\Resdll.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files\CyberLink\Media+Player10\Media+Player10Serv.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1071587099-215772683-3659497779-500 - Administrator - Disabled)
Guest (S-1-5-21-1071587099-215772683-3659497779-501 - Limited - Disabled)
Tiger Mbeje (S-1-5-21-1071587099-215772683-3659497779-1001 - Administrator - Enabled) => C:\Users\Tiger Mbeje

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2015 03:22:01 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (01/23/2015 02:40:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program cis.exe version 7.0.53315.4132 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d68

Start Time: 01d03483e5c88ea0

Termination Time: 125

Application Path: C:\Program Files\COMODO\COMODO Internet Security\cis.exe

Report Id:

Error: (01/23/2015 02:34:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EXCEL.EXE version 12.0.6712.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 874

Start Time: 01d0363b8bf36364

Termination Time: 390

Application Path: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE

Report Id: 16249131-a2fc-11e4-a490-b4749f63b631

Error: (01/22/2015 06:27:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/22/2015 06:19:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/22/2015 06:16:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/22/2015 06:16:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/22/2015 01:42:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/22/2015 01:41:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/22/2015 01:41:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (01/22/2015 02:23:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (01/22/2015 02:22:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (01/21/2015 07:53:27 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the btwdins service.

Error: (01/20/2015 09:50:54 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.191.2746.0).

Error: (01/20/2015 09:34:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/20/2015 09:34:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/20/2015 09:34:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/20/2015 09:29:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/20/2015 09:29:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/20/2015 09:29:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (01/23/2015 03:22:01 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Context:  Application, SystemIndex Catalog

Error: (01/23/2015 02:40:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: cis.exe7.0.53315.4132d6801d03483e5c88ea0125C:\Program Files\COMODO\COMODO Internet Security\cis.exe

Error: (01/23/2015 02:34:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: EXCEL.EXE12.0.6712.500087401d0363b8bf36364390C:\Program Files\Microsoft Office\Office12\EXCEL.EXE16249131-a2fc-11e4-a490-b4749f63b631

Error: (01/22/2015 06:27:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\easy display manager\RunGfxUI64.exe

Error: (01/22/2015 06:19:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (01/22/2015 06:16:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (01/22/2015 06:16:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest

Error: (01/22/2015 01:42:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (01/22/2015 01:41:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest

Error: (01/22/2015 01:41:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest


==================== Memory info ===========================

Processor: Intel® Pentium® CPU P6100 @ 2.00GHz
Percentage of memory in use: 67%
Total physical RAM: 1908.56 MB
Available physical RAM: 615.12 MB
Total Pagefile: 3817.13 MB
Available Pagefile: 2335.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:449.58 GB) (Free:273.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F41EADA1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.1 GB) - (Type=27)

==================== End Of Log ============================


Hello Ruben, 
 

No matter what I try the TDSS log keeps triggering the "Post too long" error so I'll just attach it to this post.

No problem. 
 
Please check the following files. Do you recognise the contents?

2010-12-29 07:30 - 2010-12-29 07:31 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-12-29 07:24 - 2010-12-29 07:25 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2010-12-29 07:28 - 2010-12-29 07:28 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-12-29 07:25 - 2010-12-29 07:27 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2010-12-29 07:29 - 2010-12-29 07:30 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log


 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.

    start
    CreateRestorePoint:
    URLSearchHook: HKU\S-1-5-21-1071587099-215772683-3659497779-1001 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll No File
    C:\Program Files\OnlineMapFinder_9p
    SearchScopes: HKLM -> DefaultScope {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = http://search.tb.ask...r={searchTerms}
    SearchScopes: HKLM -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = http://search.tb.ask...r={searchTerms}
    SearchScopes: HKU\S-1-5-21-1071587099-215772683-3659497779-1001 -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = http://search.tb.ask...r={searchTerms}
    FF Plugin: @OnlineMapFinder_9p.com/Plugin -> C:\Program Files\OnlineMapFinder_9p\bar\1.bin\NP9pStub.dll No File
    2015-01-19 08:23 - 2015-01-19 14:14 - 03584738 _____ () C:\ProgramData\akxnlbd.html
    C:\Users\Tiger Mbeje\AppData\Local\Temp\instloffer.exe
    CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{6d010537-9e99-400b-b652-b0d5a5757e5d}\InprocServer32 -> C:\Program Files\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll No File
    Task: {E9C9A351-AE26-48FC-A7E5-5ED69324E8D5} - System32\Tasks\gtvryyb => C:\Users\TIGERM~1\AppData\Local\Temp\ktszqxf.exe <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\TIGERM~1\AppData\Local\Temp\1f35d67C51.exe No File
    EmptyTemp:
    end

  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

 
STEP 3
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click Export to text file and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to Uninstall application on close and click Finish.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

STEP 4
RogueKiller

  • Please download RogueKiller (x32) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click jpgUwzp.png. Upon completion, click phPvmc6.png.
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • AdwCleaner[s0].txt
  • ESET log
  • RKreport.txt
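
The fixlist in the post above targets two kinds of entry from the posted log: autostart entries whose target sits in a Temp directory, and registrations whose target no longer exists ("No File"). As an added illustration (not part of the original thread and not FRST's own logic), the following Python applies that triage to lines copied from the log; the list of user-writable directories and the reason labels are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Lines copied verbatim from the FRST Addition.txt log posted in this thread.
SAMPLE_LOG = r"""
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\TIGERM~1\AppData\Local\Temp\1f35d67C51.exe No File
CustomCLSID: HKU\S-1-5-21-1071587099-215772683-3659497779-1001_Classes\CLSID\{F4172D27-63E3-3864-8040-EDBA44F4B42A}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
Task: {E9C9A351-AE26-48FC-A7E5-5ED69324E8D5} - System32\Tasks\gtvryyb => C:\Users\TIGERM~1\AppData\Local\Temp\ktszqxf.exe <==== ATTENTION
Task: {ECB470BD-1B30-4652-ACA0-10821EDD4E16} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-23] (Adobe Systems Incorporated)
Task: {8AC54F2C-1413-48D0-800C-BF491D8E5400} - System32\Tasks\{35F65149-8B6A-4B20-AF96-BD0FDEC17A11} => pcalua.exe -a "C:\Users\Tiger Mbeje\Downloads\bongasetup.exe" -d "C:\Users\Tiger Mbeje\Downloads"
"""

# "Task: <id> - <task path> => <command>" or "CustomCLSID: <key> -> <server>"
ENTRY = re.compile(r"^(Task|CustomCLSID): (.+?) (?:=>|->) (.+)$")
# Heuristic chosen for this example: directories a standard user can write to.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads)\\", re.IGNORECASE)
# Annotations FRST appends after the target: marker, "No File", date, vendor.
TRAILER = re.compile(
    r"\s*(<==== ATTENTION|No File|\[\d{4}-\d{2}-\d{2}\]|\([^()]*\))\s*$"
)


@dataclass
class Finding:
    kind: str      # "Task" or "CustomCLSID"
    name: str      # task name or CLSID
    target: str    # command or server path with annotations stripped
    reasons: list  # why the entry deserves a closer look


def entry_name(kind, entry):
    """Return the task name, or the CLSID of a COM registration."""
    if kind == "Task":
        return entry.split("\\Tasks\\", 1)[-1]
    m = re.search(r"\\CLSID\\(\{[^}]+\})", entry)
    return m.group(1) if m else entry


def parse_entry(line):
    """Parse one log line; return a Finding, or None if it is not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    kind, entry, rest = m.groups()
    reasons = []
    if "<==== ATTENTION" in rest:
        reasons.append("flagged by FRST")
    if rest.rstrip().endswith("No File"):
        reasons.append("target file missing")
    # Peel the trailing annotations off one at a time to isolate the target.
    target = rest
    while TRAILER.search(target):
        target = TRAILER.sub("", target)
    if USER_WRITABLE.search(target):
        reasons.append("references user-writable path")
    return Finding(kind, entry_name(kind, entry), target, reasons)


def triage(log_text):
    """Return only the entries that matched at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        finding = parse_entry(line)
        if finding and finding.reasons:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:12} {f.name}")
        print(f"    target : {f.target}")
        print(f"    reasons: {', '.join(f.reasons)}")
```

A match is a prompt for review, not a verdict: the Downloads entry is a compatibility-assistant task for an installer and was not part of the fixlist.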

Hi Ruben, 
 

It seems it's related to Cyberlink software that is part of the OEM.

OK, thank you. 
 
Delete these files: 
C:\Users\Tiger Mbeje\Desktop\installer_adobe_flash_player_English.exe
C:\Users\Tiger Mbeje\Desktop\MY STUFF\new release\youtube_downloader_hd_setup.exe
 
Right-Click the Recycle Bin afterwards and click Empty.
 
----------
 
Are there any outstanding issues or concerns with the computer?


Hello Ruben, 
 
Please uninstall Java 7 Update 67. 
Here is some information concerning the risks of using Java. 
 
Using Java is an unnecessary security risk; especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system.

Java is one of those technologies that you find installed on the majority of computer systems despite the fact that average users do not come across many Java-powered websites or desktop applications [...] According to W3Techs, only four percent of websites use Java on the server side [...] it is used by 0.2 percent of all websites on the client side. And two tenths of a percent includes sites that do not use it for their core functionality [...] there are sites and applications that require Java, and if you use any of them, you obviously need Java. But that makes you a minority. The majority of Internet users do not need Java. They do not need the Java plugin, nor do they need the Java Runtime Environment installed on their operating system.

If you choose to keep Java installed, it is paramount you keep the software updated with the latest version.
You can verify/test your Java software installation & version here.
 
---------------
 

What is your take on CryptoPrevent by www.foolishit.com? (hmmm that name can be interpreted wrongly...)

I highly recommend the programme. 
CryptoPrevent places policy restrictions on known loading points for ransomware and other malware. 
 

All is running perfectly fine.

Excellent. 
With this in mind -
 
All Clean!
Congratulations, your computer appears clean!  :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation. YSCcjW7.png
 
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using Malwarebytes.
 
Safe Surfing. :)    
Adam


Thanks Adam, your assistance is much appreciated.

 

Tonight I'll read through all the links and see how I can best make use of it.

 

Pity those files are lost to the encryption - hopefully soon what happened to CryptoLocker will happen to CTB-Locker.

 

I bid you a sincere thanks and may you have a great year.


You're quite welcome, Ruben. 
 

Pity those files are lost to the encryption - hopefully soon what happened to CryptoLocker will happen to CTB-Locker.

Whilst that certainly would be nice, I highly doubt CTB Locker is going anywhere anytime soon. The CTB Locker campaign only seems to be growing at the moment.
 

and may you have a great year.

And the same to you too. :)
 
I will mark your topic as solved. 
 
All the best, 
Adam


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.