Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Do I have a virus?


  • Please log in to reply
20 replies to this topic

#1 mattylevan

mattylevan

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 03 July 2015 - 03:27 AM

Today I turned my computer on and the desktop took longer to load than normal, then when I opened Chrome it took me to a welcome page to sign back in even though I had it set to remain signed in permanently.

 

Next I looked at my files and they were gone, the entire libraries section is now empty. I am restoring from Mozy backup but why has this happened?

 

I already have Malware Bytes and ESET running neither of which has ever detected anything but I am at a loss to understand what is going on and wondering if some kind of malware has snuck through.

 

By the way I have not updated anything although I cannot guarantee Windows has not decided to update itself without my knowledge.



BC AdBot (Login to Remove)

 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:04:37 AM

Posted 03 July 2015 - 05:29 AM

Hello,

Do you by any chance have CCleaner installed?

#3 mattylevan

mattylevan
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 06 July 2015 - 12:16 PM

I didn't think I had, however a search for ccleaner shows up a file called ccsetup503

 

By the way, I had to turn off the data restore before it completed as I was away over the weekend but on returning all the files have reappeared. I now don't have any idea what is happening



#4 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:04:37 AM

Posted 06 July 2015 - 12:22 PM

Let's rule out infections before we investigate further.

MiniToolbox by Farbar

Avast users please disable your antivirus before downloading!
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (choose Errors only)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options. If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Malware Scan button to start the scan.
  • When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and attach it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
Regards,
Alex

#5 mattylevan

mattylevan
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 06 July 2015 - 12:52 PM

MiniToolBox by Farbar  Version: 01-07-2015
Ran by User (administrator) on 06-07-2015 at 18:51:31
Running from "C:\Users\User\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: W54xEU-HP Manufacturer: VeryPC
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/06/2015 04:57:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/03/2015 08:43:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/02/2015 02:38:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/02/2015 08:28:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/01/2015 04:09:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/01/2015 10:24:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/30/2015 07:15:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/29/2015 02:13:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/28/2015 06:22:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/27/2015 07:50:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (07/06/2015 05:06:03 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a28\??\C:\Users\User\ntuser.dat
 
Error: (07/06/2015 05:00:39 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a28\??\C:\Users\User\ntuser.dat
 
Error: (07/06/2015 05:00:31 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service hung on starting.
 
Error: (07/06/2015 04:59:04 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/03/2015 08:46:28 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a28\??\C:\Users\User\ntuser.dat
 
Error: (07/03/2015 08:46:19 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a28\??\C:\Users\User\ntuser.dat
 
Error: (07/03/2015 08:44:46 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/02/2015 02:37:48 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/02/2015 02:36:39 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a28\??\C:\Users\User\ntuser.dat
 
Error: (07/02/2015 08:31:36 AM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service hung on starting.
 
 
Microsoft Office Sessions:
=========================
Error: (07/06/2015 04:57:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/03/2015 08:43:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/02/2015 02:38:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/02/2015 08:28:14 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/01/2015 04:09:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/01/2015 10:24:05 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/30/2015 07:15:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/29/2015 02:13:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/28/2015 06:22:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/27/2015 07:50:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
=========================== Installed Programs ============================
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (HKLM\...\{3C776B0F-D46B-492A-A1A2-D413FA432AA6}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
BBC iPlayer Downloads (HKLM-x32\...\{60094A87-D184-4616-9538-F111C02042F8}) (Version: 1.8.0 - BBC)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DJ3520FWUpdateAlert (HKLM-x32\...\{42812A46-01AB-466D-A5DB-03050C64AF82}) (Version: 2.00.0000 - HP) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Elevated Installer (HKLM-x32\...\{536854BE-161A-45E3-8119-9C5170622594}) (Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Smart Security (HKLM\...\{293ADC3B-DCF3-44C2-9CE8-19DD2B4F7646}) (Version: 8.0.312.0 - ESET, spol s r. o.)
Garmin Express (HKLM-x32\...\{2D202D2F-C6F4-4D96-A93F-3BDA7519DE5D}) (Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{cc3a3e9f-5960-4162-9538-497b3a82b52e}) (Version: 4.0.20.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{48EDC72D-3A74-4F6C-9DD2-B8DF3E63B4AB}) (Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\{A4DE5CD7-96D6-3979-8C39-E864396AFFC0}) (Version: 65.223.153 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)
Health, safety and environment test download for managers and professionals 2015 edition (HKLM-x32\...\{259D305F-30A7-4ED7-9BEC-F6774475435A}_is1) (Version: 5.0 - Imagitech Ltd.)
HP Deskjet 3520 series Help (HKLM-x32\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{14ABDFC2-491B-4AF0-8134-CC5596D0EF57}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
i-sure Restore Client (HKLM-x32\...\{E992AC8F-567A-44E0-A2F5-20DA5DE2CBCD}) (Version: 2.1.0 - i-sure)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MozyPro (HKLM\...\{9EF15318-28EE-E088-B747-815E1B3EF36B}) (Version: 2.26.8.416 - MozyPro by BCSG)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1412.176 - Trusteer) Hidden
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.27035 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15024.5 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15024.5 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15044.7 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15044.7 - Samsung Electronics Co., Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1412.176 - Trusteer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 70%
Total physical RAM: 3969.31 MB
Available physical RAM: 1190.59 MB
Total Virtual: 7936.83 MB
Available Virtual: 4412.14 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:297.99 GB) (Free:209.67 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\USER-PC
 
Administrator            Guest                    hzdqwotr                 
My account               User                     
 
========================= Minidump Files ==================================
 
C:\Windows\Minidump\032315-18969-01.dmp
C:\Windows\Minidump\060415-27846-01.dmp
========================= Restore Points ==================================
 
19-06-2015 23:02:49 Windows Update
21-06-2015 18:01:40 Garmin Express
21-06-2015 18:04:41 Garmin Express
24-06-2015 15:25:03 Installed Rapport
24-06-2015 15:40:47 Windows Update
27-06-2015 18:54:23 Windows Update
06-07-2015 16:04:40 Windows Update
 
**** End of log ****


#6 mattylevan

mattylevan
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 06 July 2015 - 12:59 PM

Sorry didn't read that you said to attach the txt file I will do that with the next bit



#7 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:04:37 AM

Posted 06 July 2015 - 01:03 PM

You can't attach anything here since it is not allowed in this area (Am I Infected). Just post logs in the same manner as you did with the MiniToolbox log aboe.

Please proceed with the EEK scan - shouldn't take long :)

#8 mattylevan

mattylevan
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 06 July 2015 - 01:13 PM

I just completed the EEK scan and the report is

 

Emsisoft Emergency Kit - Version 10.0
Last update: 06/07/2015 18:59:33
User account: User-PC\User
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 06/07/2015 19:01:44
 
Scanned 73516
Found 0
 
Scan end: 06/07/2015 19:12:00
Scan time: 0:10:16

It looks to me as if this is not finding any problems



#9 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:04:37 AM

Posted 06 July 2015 - 01:15 PM

Hi there,

Please uninstall the following software from Programs and Features:

Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

If you run into any issues, let me know.

Please update Malwarebytes Anti-Malware, then perform a Threat Scan for me and post the log here. You can find it in History => Application Logs.

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Regards,
Alex

#10 mattylevan

mattylevan
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 06 July 2015 - 01:21 PM

Hi,

 

I have just uninstalled those two programs and will run a Malwarebytes scan

 

I already have ESET smart security running is it really necessary to separately download and run another ESET program?



#11 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:04:37 AM

Posted 06 July 2015 - 01:29 PM

Ooops, I forgot that you have ESS :) In that case please skip ESET Online Scanner and run this.

Kaspersky Virus Removal Tool

4n7CEPj.jpgPlease download Kaspersky Virus Removal Tool from here.
  • Right click on NfpAe5Z.jpg and select Run as Administrator.
  • Read the EULA, then select Accept.
  • Wait for Kaspersky Virus Removal Tool to initialize.
  • In the main screen, select Change parameters, place a checkmark in System drive, then click OK.
  • Click Start scan.
  • Wait for Kaspersky Virus Removal Tool to complete scanning.
  • When the scan is finished, select Neutralize all for all detected objects.
  • Close Kaspersky Virus Removal Tool when done.
Let me know if it found anything.

Regards,
Alex

#12 mattylevan

mattylevan
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 06 July 2015 - 01:44 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 06/07/2015
Scan Time: 19:22
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.06.05
Rootkit Database: v2015.07.05.03
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 465640
Time Elapsed: 21 min, 18 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13 mattylevan

mattylevan
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 06 July 2015 - 03:42 PM

Kaspersky

 

Duration 1:50:39

Processed 1418023 objects

Found 0 objects

Neutralised 0 objects

Quarantined 0 objects



#14 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:04:37 AM

Posted 06 July 2015 - 06:16 PM

Can you update and perform a scan with ESET Smart Security as well?

Let me know if that problem turns up again.

#15 mattylevan

mattylevan
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:37 AM

Posted 07 July 2015 - 04:38 AM

ESET results
 
Scan Log
Version of virus signature database: 11901 (20150707)
Date: 07/07/2015  Time: 09:54:50
Scanned disks, folders and files: Operating memory;Boot sector;C:\Boot sector;C:\;D:\Boot sector;D:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
C:\ProgramData\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - error opening [4]
C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
C:\Users\All Users\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - error opening [4]
C:\Users\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin - error opening [4]
C:\Users\User\ntuser.dat - error opening [4]
C:\Users\User\ntuser.dat.LOG1 - error opening [4]
C:\Users\User\ntuser.dat.LOG2 - error opening [4]
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Current Session - error opening [4]
C:\Users\User\AppData\Local\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Users\User\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - error opening [4]
C:\Users\User\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - error opening [4]
C:\Users\User\AppData\Local\Microsoft\Windows\WebCacheLock.dat - error opening [4]
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{06C9D895-1CAC-4462-9BB5-28CB06D2D006}.tmp - error opening [4]
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5D5CBDE0-E94B-4549-8ECC-2771CB95620F}.tmp - error opening [4]
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{CDB25A1F-07D1-4129-BD3D-5FBF8722BDA2}.tmp - error opening [4]
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{CDFA5B04-F640-4D97-8432-B369D585762D}.tmp - error opening [4]
C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log - error opening [4]
C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat - error opening [4]
C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp - error opening [4]
C:\Users\User\AppData\LocalLow\Google\GoogleEarth\webdata\f_00001d » ZIP » doc.kml - error reading archive
C:\Users\User\Desktop\ccsetup503.exe » NSIS » PF-Toolbar-W78.exe » NSIS » GoogleUpdateSetup_1.3.21.169.exe » OMAHA » content.tar » TAR » GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\Users\User\Documents\Matty\Documents\Business\Contracts\Ecosulis\Potential employees\Emanuelle Amiral\New folder\C.V. GCN.pages (1).zip » ZIP » __MACOSX/C.V. GCN.pages/._Index.zip » ZIP »  - archive damaged
C:\Users\User\Documents\Matty\Documents\Business\Contracts\Ecosulis\Potential employees\Emanuelle Amiral\New folder\GCN log .pages (1).zip » ZIP » __MACOSX/GCN log .pages/._Index.zip » ZIP »  - archive damaged
C:\Windows\AppCompat\Programs\Amcache.hve - error opening [4]
C:\Windows\AppCompat\Programs\Amcache.hve.LOG1 - error opening [4]
C:\Windows\AppCompat\Programs\Amcache.hve.LOG2 - error opening [4]
C:\Windows\Installer\115c86.msi » MSI » Binary.GoogleChromeInstaller » OMAHA » content.tar » TAR » GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\Windows\Installer\22da33.msi » MSI » required.cab » CAB - error reading archive
C:\Windows\Installer\338646.msi » MSI » required.cab » CAB - error reading archive
C:\Windows\ServiceProfiles\LocalService\ntuser.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\e48bfe7cea6ff9ccec44fbcd710758757d462616.HomeGroupClassifier\499a6b08a09268a1effc68ba78f163a8\grouping\db.mdb - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\e48bfe7cea6ff9ccec44fbcd710758757d462616.HomeGroupClassifier\499a6b08a09268a1effc68ba78f163a8\grouping\edb.log - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\e48bfe7cea6ff9ccec44fbcd710758757d462616.HomeGroupClassifier\499a6b08a09268a1effc68ba78f163a8\grouping\tmp.edb - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - error opening [4]
C:\Windows\System32\catroot2\edb.log - error opening [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\config\components - error opening [4]
C:\Windows\System32\config\COMPONENTS.LOG1 - error opening [4]
C:\Windows\System32\config\COMPONENTS.LOG2 - error opening [4]
C:\Windows\System32\config\default - error opening [4]
C:\Windows\System32\config\DEFAULT.LOG1 - error opening [4]
C:\Windows\System32\config\DEFAULT.LOG2 - error opening [4]
C:\Windows\System32\config\sam - error opening [4]
C:\Windows\System32\config\SAM.LOG1 - error opening [4]
C:\Windows\System32\config\SAM.LOG2 - error opening [4]
C:\Windows\System32\config\security - error opening [4]
C:\Windows\System32\config\SECURITY.LOG1 - error opening [4]
C:\Windows\System32\config\SECURITY.LOG2 - error opening [4]
C:\Windows\System32\config\software - error opening [4]
C:\Windows\System32\config\SOFTWARE.LOG1 - error opening [4]
C:\Windows\System32\config\SOFTWARE.LOG2 - error opening [4]
C:\Windows\System32\config\system - error opening [4]
C:\Windows\System32\config\SYSTEM.LOG1 - error opening [4]
C:\Windows\System32\config\SYSTEM.LOG2 - error opening [4]
C:\Windows\System32\config\RegBack\DEFAULT - error opening [4]
C:\Windows\System32\config\RegBack\SAM - error opening [4]
C:\Windows\System32\config\RegBack\SECURITY - error opening [4]
C:\Windows\System32\config\RegBack\SOFTWARE - error opening [4]
C:\Windows\System32\config\RegBack\SYSTEM - error opening [4]
Boot sector of disk D: - error opening [4]
D:\ - error opening [4]
Number of scanned objects: 239326
Number of threats found: 0
Time of completion: 10:29:05  Total scanning time: 2055 sec (00:34:15)
 
Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users