Jump to content

Koofy

Members
 View Profile  See their activity

  • Posts

    9

  • Joined

  • Last visited

 Content Type 

Posts posted by Koofy

    Encrypted files!I think this is a brand new sort of virus/malicious software. ( At least in Norway )

    in Resolved Malware Removal Logs

    Posted

     

    Looks OK, no malware showing.
     
    Just clean these up:
     
    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
    Run FRST.exe/FRST64.exe and click Fix only once and wait
    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.
     
    MrC

     

     

    Thanks for very very nice help :D

     

    Her comes the fixlog.txt

     

    Regards

    Rolf

    Fixlog.txt

    Encrypted files!I think this is a brand new sort of virus/malicious software. ( At least in Norway )

    in Resolved Malware Removal Logs

    Posted

    Thanks again :)

    And thanks for helping me with the scann resluts.

     

    Here is the scann results:

     

    FRST Scann:

    ___________________________

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by sidselwerner at 2015-04-01 21:11:02
    Running from C:\@service fjernstyrtpchjelp
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee  Anti-Virus og Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee  Anti-Virus og Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee  Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
    AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
    Adlibris (HKLM-x32\...\Adlibris) (Version: 5.0.6 - CEWE COLOR AG u Co. OHG)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Apple-programvaresupport (32-bits) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
    Apple-programvaresupport (64-bits) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
    Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.14.0 - Ask.com) <==== ATTENTION
    Ask Toolbar Updater (HKU\S-1-5-21-1040864562-2501411741-2343481827-1001\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.29495 - Ask.com) <==== ATTENTION
    Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
    Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
    Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.3.2.15 - Canon Inc.)
    Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.1.0.18 - Canon Inc.)
    Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.2.0.34 - Canon Inc.)
    Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.3.0.4 - Canon Inc.)
    Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.4.1.10 - Canon Inc.)
    Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.0.0.19 - Canon Inc.)
    Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
    Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
    Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.4.0.7 - Canon Inc.)
    Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.2.11 - Canon Inc.)
    Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
    CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4827 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
    Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Musikkscene (HKLM-x32\...\{D8875B79-CF2C-4298-B67A-A3320E3AEC87}) (Version: 1.6.225.0 - Fingertapping)
    Dell P513w (HKLM\...\Dell P513w) (Version:  - Dell, Inc.)
    Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
    Dell Stage (HKLM-x32\...\{DD8DA2D5-6328-48B6-B669-32304E316D4A}) (Version: 1.7.209.0 - Fingertapping)
    Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
    Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
    Dell Verktøylinje (HKLM-x32\...\{09B71986-2AC5-482d-B6CB-42EA34F4F85B}) (Version: 1.8.12.0 - )
    Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
    Dell VideoStage  (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
    DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    ImageMixer 3 SE Ver.6 Transfer Utility (HKLM-x32\...\{3A2AD071-AABD-4712-A43E-11D06BAA661D}) (Version: 6.00.018 - PIXELA)
    ImageMixer 3 SE Ver.6 Video Tools (HKLM-x32\...\{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}) (Version: 6.00.020 - PIXELA)
    Intel PROSet Wireless (x32 Version:  - ) Hidden
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
    Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
    Intel® PROSet/Wireless WiFi-programvare (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
    Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
    Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
    Intel® Turbo Boost-teknologi monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
    iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware versjon 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
    McAfee Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
    McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
    McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
    McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
    McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.6.0.202 - McAfee, Inc.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Min CEWE FOTOVERDEN (HKLM-x32\...\Min CEWE FOTOVERDEN) (Version: 5.0.6 - CEWE COLOR AG u Co. OHG)
    Mozilla Firefox 35.0 (x86 nb-NO) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 nb-NO)) (Version: 35.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NVIDIA 3D Vision-driver 285.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 285.77 - NVIDIA Corporation)
    NVIDIA Grafikkdriver 285.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.77 - NVIDIA Corporation)
    PhotoShowExpress (x32 Version: 2.0.063 - ##COMPANY_NAME##) Hidden
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.22 - Dell Inc.)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
    Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
    Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
    Språkpakke for Microsoft Visual Studio 2010 Tools for Office Runtime (x64) – NOR (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NOR) (Version: 10.0.50903 - Microsoft Corporation)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.22.0 - Synaptics Incorporated)
    SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16500 - Nero AG)
    SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
    TeamViewer 7 Host (HKLM-x32\...\TeamViewer 7 Host) (Version: 7.0.12541 - TeamViewer)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
    Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points  =========================

    ATTENTION: System Restore is disabled.

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 04:34 - 2015-03-31 07:32 - 00450771 ____N C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1    www.007guard.com
    127.0.0.1    007guard.com
    127.0.0.1    008i.com
    127.0.0.1    www.008k.com
    127.0.0.1    008k.com
    127.0.0.1    www.00hq.com
    127.0.0.1    00hq.com
    127.0.0.1    010402.com
    127.0.0.1    www.032439.com
    127.0.0.1    032439.com
    127.0.0.1    www.0scan.com
    127.0.0.1    0scan.com
    127.0.0.1    1000gratisproben.com
    127.0.0.1    www.1000gratisproben.com
    127.0.0.1    1001namen.com
    127.0.0.1    www.1001namen.com
    127.0.0.1    100888290cs.com
    127.0.0.1    www.100888290cs.com
    127.0.0.1    www.100sexlinks.com
    127.0.0.1    100sexlinks.com
    127.0.0.1    10sek.com
    127.0.0.1    www.10sek.com
    127.0.0.1    www.1-2005-search.com
    127.0.0.1    1-2005-search.com
    127.0.0.1    123fporn.info
    127.0.0.1    www.123fporn.info
    127.0.0.1    123haustiereundmehr.com
    127.0.0.1    www.123haustiereundmehr.com
    127.0.0.1    123moviedownload.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {13B530F0-5CDD-4E8E-9A79-F967E9E44E47} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
    Task: {1DA51D2F-2D0D-48C2-ABE8-63DDF17E06E7} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6b64b6f8a099 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)
    Task: {2801DB47-5817-4271-8FA6-E6FAAEFBAE1F} - System32\Tasks\GoogleUpdateTaskMachineUA1cfff656239ddd9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)
    Task: {38882D5F-A2B7-45EF-AF4E-06695E9C4E5F} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-03-31] (Enigma Software Group USA, LLC.)
    Task: {392C6D1D-BC48-4BD6-A16A-1DE9F71AEAF0} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
    Task: {3E274368-6903-42A1-A5EF-143005748686} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {436A12BA-1C8E-4759-90E4-5AC5EC2124DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
    Task: {43E2590A-9230-4F5D-A33F-F7811CDE5F59} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {5F4DC68C-EECB-46EB-B0AE-505D06092791} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {661062F2-32D0-43BF-A3CF-60CC352AF339} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)
    Task: {6E40BB63-3088-4161-A191-F036DBFDD04C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
    Task: {706AF888-9973-437D-8C28-429D7A13E38A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {81BFE277-0DCE-4987-89E5-97824BC2C529} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
    Task: {911C145B-93F4-414B-88C7-17ECF95030BD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {C28B38AA-6663-4A4E-9988-953AFD348C03} - System32\Tasks\GoogleUpdateTaskMachineUA1d040c3a838c157 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)
    Task: {CAF170D0-C57A-470A-AD97-7947043AD84F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {D53F391D-3206-48A2-A9ED-A2F10EC0CA86} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b64b6f8a099.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfff656239ddd9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d040c3a838c157.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2011-11-01 19:58 - 2011-11-01 19:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2012-08-23 12:10 - 2009-11-04 15:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlebdrpp.dll
    2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-06-27 22:36 - 2011-07-20 00:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2012-06-27 21:46 - 2010-12-17 17:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    2011-11-01 19:58 - 2011-11-01 19:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
    2011-06-28 02:26 - 2011-06-28 02:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
    2012-08-23 12:05 - 2011-01-24 02:37 - 00770728 _____ () C:\Program Files (x86)\Dell P513w\dlebmon.exe
    2012-08-23 12:05 - 2011-01-24 02:37 - 00139944 _____ () C:\Program Files (x86)\Dell P513w\ezprint.exe
    2011-06-29 15:52 - 2011-06-29 15:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
    2010-11-17 17:35 - 2010-11-17 17:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    2012-02-01 18:50 - 2012-02-01 18:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    2012-08-23 12:08 - 2009-12-16 13:42 - 00205824 _____ () C:\Program Files\Dell\P513w\dlebmicro.dll
    2012-08-23 12:08 - 2010-04-01 19:30 - 01558528 _____ () C:\Program Files\Dell\P513w\dlebdrs64.dll
    2012-08-23 12:08 - 2009-11-26 10:55 - 00075264 _____ () C:\Program Files\Dell\P513w\dlebcfg64.dll
    2012-08-23 12:08 - 2009-03-10 07:44 - 00015360 _____ () C:\Program Files\Dell\P513w\dlebcaps64.dll
    2012-08-23 12:08 - 2009-03-05 19:55 - 00057344 _____ () C:\Program Files\Dell\P513w\dlebcnv464.dll
    2012-06-27 22:03 - 2012-01-27 04:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    2010-11-29 22:04 - 2010-11-29 22:04 - 00403968 _____ () C:\Program Files\Intel\TurboBoost\no\SignalIslandUi.resources.dll
    2015-04-01 21:00 - 2015-04-01 20:58 - 20436568 _____ () C:\@service fjernstyrtpchjelp\RogueKillerX64.exe
    2010-03-17 03:28 - 2010-03-17 03:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
    2010-03-22 22:52 - 2010-03-22 22:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
    2010-03-17 03:28 - 2010-03-17 03:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
    2010-03-17 03:28 - 2010-03-17 03:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
    2011-06-25 06:20 - 2011-06-25 06:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
    2011-06-28 02:25 - 2011-06-28 02:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
    2011-06-25 06:36 - 2011-06-25 06:36 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\nb-NO\UI\ManagerUI.dll
    2010-03-12 02:52 - 2010-03-12 02:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
    2010-03-05 22:07 - 2010-03-05 22:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
    2010-03-05 22:07 - 2010-03-05 22:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
    2010-03-12 02:52 - 2010-03-12 02:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
    2012-08-23 12:03 - 2009-11-26 10:50 - 00086183 _____ () C:\Program Files (x86)\Dell P513w\dlebcfg.dll
    2012-08-23 12:05 - 2010-04-01 19:23 - 00389120 _____ () C:\Program Files (x86)\Dell P513w\dlebscw.dll
    2012-08-23 12:05 - 2009-05-27 14:16 - 00192512 _____ () C:\Program Files (x86)\Dell P513w\dlebdatr.dll
    2012-08-23 12:05 - 2010-04-01 19:24 - 01159168 _____ () C:\Program Files (x86)\Dell P513w\dlebDRS.dll
    2012-08-23 12:05 - 2009-03-10 07:43 - 00155648 _____ () C:\Program Files (x86)\Dell P513w\dlebcaps.dll
    2012-08-23 12:05 - 2009-03-05 19:55 - 00059904 _____ () C:\Program Files (x86)\Dell P513w\dlebcnv4.dll
    2012-08-23 12:01 - 2009-02-12 13:33 - 00381952 _____ () C:\Windows\system32\dlebsm.dll
    2012-08-23 12:01 - 2009-04-28 09:57 - 00028672 _____ () C:\Windows\system32\dlebsmr.dll
    2012-08-23 12:05 - 2009-03-30 14:40 - 00708608 _____ () C:\Program Files (x86)\Dell P513w\Epwizard.DLL
    2012-08-23 12:05 - 2009-03-30 14:38 - 00159744 _____ () C:\Program Files (x86)\Dell P513w\customui.dll
    2012-08-23 12:05 - 2009-03-30 14:38 - 00114688 _____ () C:\Program Files (x86)\Dell P513w\Eputil.DLL
    2012-08-23 12:05 - 2009-03-30 14:37 - 00139264 _____ () C:\Program Files (x86)\Dell P513w\Imagutil.DLL
    2012-08-23 12:05 - 2009-03-30 14:38 - 00061440 _____ () C:\Program Files (x86)\Dell P513w\Epfunct.DLL
    2012-08-23 12:05 - 2009-06-23 13:12 - 02203648 _____ () C:\Program Files (x86)\Dell P513w\EPWizRes.dll
    2012-08-23 12:05 - 2009-06-23 13:13 - 00045056 _____ () C:\Program Files (x86)\Dell P513w\epstring.dll
    2012-08-23 12:05 - 2009-06-23 13:13 - 00192512 _____ () C:\Program Files (x86)\Dell P513w\EPOEMDll.dll
    2012-08-23 12:05 - 2009-04-07 21:25 - 00409600 _____ () C:\Program Files (x86)\Dell P513w\iptk.dll
    2012-08-23 12:06 - 2009-03-02 16:25 - 00151552 _____ () C:\Program Files (x86)\Dell P513w\dlebptp.dll
    2014-07-28 14:19 - 2009-07-21 14:42 - 00364544 ____N () C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\pxl_m17n_tool.dll
    2015-03-31 07:20 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-03-31 07:20 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-03-31 07:20 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2010-11-25 05:44 - 2010-11-25 05:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
    2012-02-01 18:44 - 2012-02-01 18:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
    2012-02-01 18:44 - 2012-02-01 18:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
    2015-03-31 07:20 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2015-03-31 07:20 - 2014-04-25 14:11 - 02972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1040864562-2501411741-2343481827-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sidselwerner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 62.65.30.10 - 212.20.193.130

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1040864562-2501411741-2343481827-500 - Administrator - Disabled)
    Gjest (S-1-5-21-1040864562-2501411741-2343481827-501 - Limited - Disabled)
    sidselwerner (S-1-5-21-1040864562-2501411741-2343481827-1001 - Administrator - Enabled) => C:\Users\sidselwerner
    UpdatusUser (S-1-5-21-1040864562-2501411741-2343481827-1000 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/01/2015 11:09:39 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Programnavn med feil: pcdrcui.exe, versjon: 6.0.6584.52, tidsangivelse: 0x54cb2d14
    Modulnavn med feil: KERNELBASE.dll, versjon: 6.1.7601.18409, tidsangivelse: 0x5315a05a
    Unntakskode: 0xe0434352
    Feilforskyvning: 0x000000000000940d
    Feil prosess-ID: 0x838
    Feil starttid for program: 0xpcdrcui.exe0
    Feil programbane: pcdrcui.exe1
    Feil modulbane: pcdrcui.exe2
    Rapport-ID: pcdrcui.exe3

    Error: (04/01/2015 11:09:39 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: pcdrcui.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: Pcd.DataStore.DatabaseError
    Stack:
       at pcd.native.AppStateDataStoreAccessor.get_Store()
       at pcd.native.AppStateDataStoreAccessor.Contains(System.String)
       at PCDoctor.DataStore.DataStore.GetValue(System.String)
       at PCDoctor.DataStore.Settings.GetBoolValue(System.String, Boolean)
       at pcd.controllers.MainController.LoadProxySettings()
       at pcd.controllers.MainController.BackgroundStartThread()
       at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
       at System.Threading.ThreadHelper.ThreadStart()

    Error: (04/01/2015 05:53:20 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 90080108

    Error: (04/01/2015 04:50:14 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80004005

    Error: (03/31/2015 07:39:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/31/2015 07:39:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Programnavn med feil: stage_primary.exe, versjon: 1.7.209.0, tidsangivelse: 0x4f286f8c
    Modulnavn med feil: MSVCR90.dll, versjon: 9.0.30729.6161, tidsangivelse: 0x4dace5b9
    Unntakskode: 0x40000015
    Feilforskyvning: 0x0005beae
    Feil prosess-ID: 0xf0c
    Feil starttid for program: 0xstage_primary.exe0
    Feil programbane: stage_primary.exe1
    Feil modulbane: stage_primary.exe2
    Rapport-ID: stage_primary.exe3

    Error: (03/31/2015 07:35:26 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Programnavn med feil: pcdrcui.exe, versjon: 6.0.6584.52, tidsangivelse: 0x54cb2d14
    Modulnavn med feil: KERNELBASE.dll, versjon: 6.1.7601.18409, tidsangivelse: 0x5315a05a
    Unntakskode: 0xe0434352
    Feilforskyvning: 0x000000000000940d
    Feil prosess-ID: 0x1f6c
    Feil starttid for program: 0xpcdrcui.exe0
    Feil programbane: pcdrcui.exe1
    Feil modulbane: pcdrcui.exe2
    Rapport-ID: pcdrcui.exe3

    Error: (03/31/2015 07:35:24 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: pcdrcui.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: Pcd.DataStore.DatabaseError
    Stack:
       at pcd.native.AppStateDataStoreAccessor.get_Store()
       at pcd.native.AppStateDataStoreAccessor.Contains(System.String)
       at PCDoctor.DataStore.DataStore.GetValue(System.String)
       at PCDoctor.DataStore.Settings.GetBoolValue(System.String, Boolean)
       at pcd.controllers.MainController.LoadProxySettings()
       at pcd.controllers.MainController.BackgroundStartThread()
       at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
       at System.Threading.ThreadHelper.ThreadStart()

    Error: (03/31/2015 00:33:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 90080108

    Error: (03/31/2015 00:28:34 PM) (Source: VSS) (EventID: 13) (User: )
    Description: Informasjon fra Volume Shadow Copy-tjenesten: Kan ikke starte COM-serveren med CLSIDen {e579ab5f-1cc4-44b4-bed9-de0991ff0623} og navnet Coordinator. [0x80070005, Ingen tilgang.
    ]


    System errors:
    =============
    Error: (04/01/2015 09:03:01 PM) (Source: volsnap) (EventID: 16) (User: )
    Description: Skyggekopien for volum D: ble avbrutt fordi volum D:, som inneholder et skyggekopilager for denne skyggekopien, ble tvungent demontert.

    Error: (03/31/2015 07:41:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Tjenesten 1% kan ikke starte på grunn av følgende feil:
    %%2

    Error: (03/31/2015 07:39:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Tjenesten Dell SupportAssist Agent kan ikke starte på grunn av følgende feil:
    %%1053

    Error: (03/31/2015 07:39:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Det oppstod et tidsavbrudd (30000 millisekunder) under venting på at tjenesten Dell SupportAssist Agent skal koble til.

    Error: (03/31/2015 07:38:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Tjenesten Spybot-S&D 2 Security Center Service avhenger av tjenesten Security Center som ikke kan starte på grunn av følgende feil:
    %%1058

    Error: (03/31/2015 07:38:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Tjenesten Spybot-S&D 2 Scanner Service kan ikke starte på grunn av følgende feil:
    %%1053

    Error: (03/31/2015 07:38:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Det oppstod et tidsavbrudd (30000 millisekunder) under venting på at tjenesten Spybot-S&D 2 Scanner Service skal koble til.

    Error: (03/31/2015 00:28:34 PM) (Source: DCOM) (EventID: 10016) (User: sidselwerner-PC)
    Description: programspesifikkLokalAktivering{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}sidselwerner-PCsidselwernerS-1-5-21-1040864562-2501411741-2343481827-1001LocalHost (bruker LRPC)

    Error: (03/31/2015 07:50:01 AM) (Source: Schannel) (EventID: 4120) (User: NT-MYNDIGHET)
    Description: Følgende kritiske varsel er generert: 10. Intern feiltilstand er 10.

    Error: (03/31/2015 07:50:01 AM) (Source: Schannel) (EventID: 4120) (User: NT-MYNDIGHET)
    Description: Følgende kritiske varsel er generert: 10. Intern feiltilstand er 10.


    Microsoft Office Sessions:
    =========================
    Error: (04/01/2015 11:09:39 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: pcdrcui.exe6.0.6584.5254cb2d14KERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d83801d06c5b909fa627C:\Program Files\Dell\SupportAssist\pcdrcui.exeC:\Windows\system32\KERNELBASE.dlld2f562c1-d84e-11e4-8622-00dbdf0f0301

    Error: (04/01/2015 11:09:39 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: pcdrcui.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: Pcd.DataStore.DatabaseError
    Stack:
       at pcd.native.AppStateDataStoreAccessor.get_Store()
       at pcd.native.AppStateDataStoreAccessor.Contains(System.String)
       at PCDoctor.DataStore.DataStore.GetValue(System.String)
       at PCDoctor.DataStore.Settings.GetBoolValue(System.String, Boolean)
       at pcd.controllers.MainController.LoadProxySettings()
       at pcd.controllers.MainController.BackgroundStartThread()
       at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
       at System.Threading.ThreadHelper.ThreadStart()

    Error: (04/01/2015 05:53:20 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 90080108

    Error: (04/01/2015 04:50:14 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80004005

    Error: (03/31/2015 07:39:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/31/2015 07:39:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: stage_primary.exe1.7.209.04f286f8cMSVCR90.dll9.0.30729.61614dace5b9400000150005beaef0c01d06bd9779c78acC:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dlld4a1eb32-d7cc-11e4-8622-00dbdf0f0301

    Error: (03/31/2015 07:35:26 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: pcdrcui.exe6.0.6584.5254cb2d14KERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d1f6c01d06b9f469bc96fC:\Program Files\Dell\SupportAssist\pcdrcui.exeC:\Windows\system32\KERNELBASE.dll509ded85-d7cc-11e4-9c28-00dbdf0f0301

    Error: (03/31/2015 07:35:24 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: pcdrcui.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: Pcd.DataStore.DatabaseError
    Stack:
       at pcd.native.AppStateDataStoreAccessor.get_Store()
       at pcd.native.AppStateDataStoreAccessor.Contains(System.String)
       at PCDoctor.DataStore.DataStore.GetValue(System.String)
       at PCDoctor.DataStore.Settings.GetBoolValue(System.String, Boolean)
       at pcd.controllers.MainController.LoadProxySettings()
       at pcd.controllers.MainController.BackgroundStartThread()
       at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
       at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
       at System.Threading.ThreadHelper.ThreadStart()

    Error: (03/31/2015 00:33:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 90080108

    Error: (03/31/2015 00:28:34 PM) (Source: VSS) (EventID: 13) (User: )
    Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Ingen tilgang.


    ==================== Memory info ===========================

    Processor: Intel® Core i7-2670QM CPU @ 2.20GHz
    Percentage of memory in use: 75%
    Total physical RAM: 8086.17 MB
    Available physical RAM: 1997.25 MB
    Total Pagefile: 16170.52 MB
    Available Pagefile: 10122.45 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:265.54 GB) NTFS
    Drive d: () (Fixed) (Total:465.76 GB) (Free:0 GB) NTFS
    Drive f: () (Fixed) (Total:0.1 GB) (Free:0.02 GB) FAT

    ==================== MBR & Partition Table ==================

    ==================== End Of Log ============================

     

    Rougekiller scann:

    ___________________________________________________________________________________-

     

    RogueKiller V10.5.8.0 (x64) [Mar 30 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : sidselwerner [Administrator]
    Started from : C:\@service fjernstyrtpchjelp\RogueKillerX64.exe
    Mode : Scan -- Date : 04/01/2015  21:10:50

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 13 ¤¤¤
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} -> Found
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ApnUpdater : "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"  -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 62.65.30.10 212.20.193.130 188.126.192.140 [NORWAY (NO)][NORWAY (NO)][NORWAY (NO)]  -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 62.65.30.10 212.20.193.130 188.126.192.140 [NORWAY (NO)][NORWAY (NO)][NORWAY (NO)]  -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 62.65.30.10 212.20.193.130 188.126.192.140 [NORWAY (NO)][NORWAY (NO)][NORWAY (NO)]  -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{78EFA4C1-D383-4D7D-9C55-39877F189146} | DhcpNameServer : 62.65.30.10 212.20.193.130 188.126.192.140 [NORWAY (NO)][NORWAY (NO)][NORWAY (NO)]  -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{78EFA4C1-D383-4D7D-9C55-39877F189146} | DhcpNameServer : 62.65.30.10 212.20.193.130 188.126.192.140 [NORWAY (NO)][NORWAY (NO)][NORWAY (NO)]  -> Found
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{78EFA4C1-D383-4D7D-9C55-39877F189146} | DhcpNameServer : 62.65.30.10 212.20.193.130 188.126.192.140 [NORWAY (NO)][NORWAY (NO)][NORWAY (NO)]  -> Found
    [PUM.Desktop] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1  -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUP][FIREFX:Addon] jl6axed5.default : MapsGalaxy [39ffxtbr@MapsGalaxy_39.com] -> Found

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS727550A9E364 +++++
    --- User ---
    [MBR] fec42edfff775e9b5a27d91630f35255
    [bSP] dea9defa67a18cc486b8c709b2ee22f0 : HP MBR Code
    Partition table:
    0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 63 | Size: 101 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 212992 | Size: 20000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Hitachi HTS727550A9E364 +++++
    --- User ---
    [MBR] e5937aba60712c4e0cb562c1c8228034
    [bSP] 399df0c455aabd3e6b8ddf487d890c19 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: Dell USB Mass Storage USB Device +++++
    Error reading User MBR! ([15] Enheten er ikke klar. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] Forespørselen støttes ikke. )
     

    ______END OF LOG______________________________________________________________-

     

    Including attached file: Additon.txt.

     

    Thank you in advance :D

     

    Regards

    Rolf

     

     

    Addition.txt

    Encrypted files!I think this is a brand new sort of virus/malicious software. ( At least in Norway )

    in Resolved Malware Removal Logs

    Posted

    Is there no way to get my files back/decryptering the files?

    If these methods don't work, then the files are gone. (unless you pay the ransom)

    http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information#restore

    ==================================

    Follow the instructions below and we'll make sure the virus is gone:

     

    Thanks again. :D

     

    But can i be sure that all the scann I wrote about in my last post have removed the virus/malware?

    ( I have runn Malwarebytes, spyhunter, Spybot-S&D and Norton Power Eraser. Malwarebutes and Spyhunter removed some ransomware virus so I guess

    CryptoWall is gone. ) ( but for sure I guess u only can answerd abot the Malewarebytes scann :)

     

    Of course you cant know it for sure, but will the virus/maleware normally be delited and done with full Malwarebytes Scann?

     

    Regards

    Rolf

    Encrypted files!I think this is a brand new sort of virus/malicious software. ( At least in Norway )

    in Resolved Malware Removal Logs

    Posted

    Here's some info on that virus:

    http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

    We can delete the virus but your files are most likely gone.

    MrC

    Thanks for anwerd :)

     

    I have runn Malwarebytes, spyhunter, Spybot-S&D and Norton Power Eraser. Malwarebutes and Spyhunter removed some ransomware virus so I guess

    CryptoWall is gone.

     

    But, as you write: "but your files are most likely gone." : Is there no way to get my files back/decryptering the files?

     

    And, with the scann I write about above: Can i be sure the virus/malware is gone or do I have to do some manual removing in registry and so?

    ( Do a new updated Malwarebytes remove the virus? )

     

    Regards

    Rolf

    Encrypted files!I think this is a brand new sort of virus/malicious software. ( At least in Norway )

    in Resolved Malware Removal Logs

    Posted

    The folder "documents and settings" and all files in the whole computer ( c: d: and f: )is encrypted by virus

     

    It tells me to go to  http://7oqnsnzwwnm6zb7y.icepaytor.com/10giv5Rand pay for decypting my files.

    For sure I will not do that! :)

     

    I think this is a brand new sort of virus/malicious software. ( At least in Norway )

     

    Any idea how to remove this virus/malicious software? Will Malwarebytes do it? ( I try a scann now )

     

    I attach 1 files I get from this blackmailing "provider"

     

    I hope for a good and fast anwer :)

     

    Regards

    Rolf

    post-118362-0-70953100-1427758246_thumb.

    Malwarebytes boot cd for cleaning a totally locked computer?

    in Malwarebytes for Windows Support Forum

    Posted

    Anybody know it is poosible no run malwarebytes from a bootcd?

    In norway we now have attac working that way that computer been locked and the user have to pay a bill because off illegal porn sufing and download.

    The user have to pay a ticket to "police" for get a code to unlock computer.

    Computer can not be started in safemode and is totally locked.

    Therefore I need a tools that can clean computer for the infected problems.

    Maybye malewarebytes not will find this problem anyway...but someboody out there have any tips about this problem?

    ...and sorry my bad english :-)

    Regards

    Koofy

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.