Laptop acting strangely but can't find virus/malware


21 replies to this topic

#1 ElleBelleAus

ElleBelleAus

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:46 PM

Posted 02 August 2015 - 09:19 PM

Yesterday I went to open Microsoft OneNote and found all Microsoft Office programs were missing from my computer. I was able to reinstall but they do not show up in my all programs list. I have unhidden all folders and still cannot find them, but can open them if I choose a file of the correct type, like a Word document if I want to open Word. I looked in my system restore and all restore points had been deleted apart from one from around 12pm yesterday after a Windows critical update. I restored to that point but it has made no difference. I decided perhaps I had malware, so I opened Malwarebytes and it opened but said I had never scanned this computer, so I tried to scan and it kept shutting down, so I downloaded it again and did a scan which came up with nothing. I then noticed Malwarebytes wasn't running the latest update, was using June update, so I updated and ran another scan which still showed nothing.

Things just don't seem right and I don't know why; my programs list doesn't seem to be showing a lot of programs. Thanks in advance for your advice....Elle




#2 ElleBelleAus

ElleBelleAus
  • Topic Starter


Posted 02 August 2015 - 09:45 PM

Operating System
    Windows 7 Home Premium 32-bit SP1
    Computer type: Portable
    Installation Date: 6/01/2012 12:00:21 PM
    Serial Number: 6MVJX-7RQKF-3Q88W-9VPXF-M6QJ9
        Windows Security Center
            User Account Control (UAC)    Enabled
            Notify level    2 - Default
            Firewall    Enabled
        Windows Update
            AutoUpdate    Not configured
        Windows Defender
            Windows Defender    Disabled
        Antivirus
            Antivirus    Enabled
            Display Name    AVG AntiVirus Free Edition 2015
            Virus Signature Database    Up to date
        .NET Frameworks installed
            v4.5 Full
            v4.5 Client
            v3.5 SP1
            v3.0 SP2
            v2.0 SP2
        Internet Explorer
            Version    11.0.9600.17914
        PowerShell
            Version    2.0
        Java
                Java Runtime Environment
                    Path    C:\Program Files\Java\jre1.8.0_31\bin\java.exe
                    Version    8.0
                    Update    31
                    Build    13
        Environment Variables
            USERPROFILE    C:\Users\Elle
            SystemRoot    C:\Windows
                User Variables
                Machine Variables
        Battery
            AC Line    Online
            Battery Charge %    0 %
            Battery State    Low
            Remaining Battery Time    Unknown
        Power Profile
            Active power scheme    Balanced
            Hibernation    Enabled
            Turn Off Monitor after: (On AC Power)    60 min
            Turn Off Monitor after: (On Battery Power)    5 min
            Turn Off Hard Disk after: (On AC Power)    20 min
            Turn Off Hard Disk after: (On Battery Power)    10 min
            Suspend after: (On AC Power)    300 min
            Suspend after: (On Battery Power)    15 min
            Screen saver    Enabled
        Uptime
                Current Session
                    Current Time    3/08/2015 12:44:51 PM
                    Current Uptime    10,738 sec (0 d, 02 h, 58 m, 58 s)
                    Last Boot Time    3/08/2015 9:45:53 AM
        Services
        TimeZone
            TimeZone    GMT +10:00 Hours
            Language    English (Australia)
            Location    Australia
            Format    English (Australia)
            Currency    $
            Date Format    d/MM/yyyy
            Time Format    h:mm:ss tt
        Scheduler
            3/08/2015 11:39 AM;    Adobe Flash Player Updater
            3/08/2015 12:26 PM;    GoogleUpdateTaskMachineUA
            4/08/2015 10:26 AM;    GoogleUpdateTaskMachineCore
            8/08/2015 9:00 AM;    SmartDefrag_Schedule
            Adobe Acrobat Update Task
            CCleanerSkipUAC
            Elle DBAgent 2 0
            PCDEventLauncherTask
            Seagate_Install_Launch
            SidebarExecute
            SmartDefrag3_Startup
            SmartDefrag3_Update
        Hotfixes
        System Folders
        Process List
        Security Options
        Device Tree



#3 ElleBelleAus


Posted 02 August 2015 - 09:47 PM

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/03/2015 10:03:19 AM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:


  20 out of 15491 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 08/03/2015 10:16:20 AM
Execution time: 0 hours(s), 13 minute(s), and 1 seconds(s)
 



#4 ElleBelleAus


Posted 02 August 2015 - 11:14 PM

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Elle (administrator) on 03-08-2015 at 14:07:03
Running from "C:\Users\Elle\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Model: Studio 1555 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/03/2015 10:17:34 AM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xdac
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/03/2015 10:04:46 AM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1184
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/03/2015 09:59:13 AM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1618
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/03/2015 09:58:40 AM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1308
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/02/2015 02:29:33 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.

Error: (08/01/2015 11:04:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16630

Error: (08/01/2015 11:04:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16630

Error: (08/01/2015 11:04:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/01/2015 11:04:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14758

Error: (08/01/2015 11:04:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14758


System errors:
=============
Error: (08/03/2015 02:02:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (08/03/2015 01:38:57 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (08/03/2015 01:38:57 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (08/03/2015 01:38:18 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (08/03/2015 01:13:37 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/03/2015 01:13:36 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/03/2015 01:13:36 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/03/2015 01:13:35 PM) (Source: Service Control Manager) (User: )
Description: The Mobile Broadband Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/03/2015 01:13:35 PM) (Source: Service Control Manager) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/03/2015 01:13:34 PM) (Source: Service Control Manager) (User: )
Description: The Vodafone Mobile Broadband QuickStart Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

123 Cheese (HKCU\...\123 Cheese) (Version: 123 Cheese 2.5.7 - Copy Captain)
3RVX (HKLM\...\{66BB5D8F-D9BD-4799-A9FA-5731B3B7839A}) (Version: 2.5 - matt.malensek.net)
Adobe AIR (HKLM\...\{A0087DDE-69D0-11E2-AD57-43CA6188709B}) (Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM\...\{AC76BA86-0804-1033-1959-001824147215}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (32-bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\{7658EBB5-CD05-4326-BEF4-A101CDFBB63C}) (Version: 14.0.3972 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\{0959AEF9-AF64-4347-A948-1F1E9ADCFA92}) (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\{2E63F1A2-7232-45D4-B798-B92E5526C877}) (Version: 15.0.6086 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6086 - AVG Technologies)
Blackboard Collaborate Launcher (HKLM\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Dell Wireless HSPA Mini-Card Drivers (HKLM\...\{9D583F01-A973-4B04-90BD-FB7886779090}) (Version: 6.1.13.8 - Dell)
Diigo Single Button (HKLM\...\{244B887F-5A23-4C4D-9495-0D34D185152C}) (Version: 1.0.0 - Diigo.inc)
EndNote X7 (HKLM\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.3.1.8614 - Thomson Reuters)
e-tax 2011 (HKLM\...\{C078C299-C2C2-4110-A6EF-8D5E66C228DA}) (Version: 11.1.704 - ATO)
e-tax 2012 (HKLM\...\{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}) (Version: 6.0.577 - Australian Taxation Office)
e-tax 2013 (HKLM\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.10.558 - Australian Taxation Office)
e-tax 2014 (HKLM\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.7.707 - Australian Taxation Office)
Fisher-Price Clifford's Classroom (HKLM\...\{188993D8-9B2B-475B-89DE-381419A9C1E4}) (Version: 1.00.0000 - Fisher-Price) Hidden
Fisher-Price Clifford's Classroom (HKLM\...\InstallShield_{188993D8-9B2B-475B-89DE-381419A9C1E4}) (Version: 1.00.0000 - Fisher-Price)
Fisher-Price Computer Cool School (HKLM\...\{805C66C7-D914-4D95-AC83-11CAAE045250}) (Version: 1.00.0000 - Fisher-Price) Hidden
Fisher-Price Computer Cool School (HKLM\...\InstallShield_{803805A4-A3F7-4504-8B19-9A63BC8A4551}) (Version:  - )
Fisher-Price Computer Cool School (HKLM\...\InstallShield_{805C66C7-D914-4D95-AC83-11CAAE045250}) (Version: 1.00.0000 - Fisher-Price)
Fisher-Price Dora and Diego's Classroom (HKLM\...\{85DE22DE-CB29-4A0C-8930-09BC030F64BF}) (Version: 1.00.0000 - Fisher-Price) Hidden
Fisher-Price Dora and Diego's Classroom (HKLM\...\InstallShield_{85DE22DE-CB29-4A0C-8930-09BC030F64BF}) (Version: 1.00.0000 - Fisher-Price)
Fisher-Price Scooby-Doo's Classroom (HKLM\...\{EBA4ECB6-8F08-4E3F-A1D1-6564931DFEAF}) (Version: 1.00.0000 - Fisher-Price) Hidden
Fisher-Price Scooby-Doo's Classroom (HKLM\...\InstallShield_{EBA4ECB6-8F08-4E3F-A1D1-6564931DFEAF}) (Version: 1.00.0000 - Fisher-Price)
Fisher-Price Sesame Street Classroom (HKLM\...\{92DDBF62-3992-40E8-8BA0-12F1B8E09F2A}) (Version: 1.00.0000 - Fisher-Price) Hidden
Fisher-Price Sesame Street Classroom (HKLM\...\InstallShield_{92DDBF62-3992-40E8-8BA0-12F1B8E09F2A}) (Version: 1.00.0000 - Fisher-Price)
Fisher-Price SpongeBob's Classroom (HKLM\...\{E7A9B8E3-060D-4D02-8ED7-D629BD6404EC}) (Version: 1.00.0000 - Fisher-Price) Hidden
Fisher-Price SpongeBob's Classroom (HKLM\...\InstallShield_{E7A9B8E3-060D-4D02-8ED7-D629BD6404EC}) (Version: 1.00.0000 - Fisher-Price)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.1 - Google Inc.) Hidden
HandBrake 0.9.9 (HKLM\...\HandBrake) (Version: 0.9.9 - )
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.)
IHMC CmapTools v6.00 (HKLM\...\IHMC CmapTools v6.00) (Version: 6.0.0.0 - Institute for Human & Machine Cognition)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
iTunes (HKLM\...\{9DBBE7B8-EE7A-4FD9-9C7F-35E69A4C19D8}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: 2.8.31.13 - Oracle Corporation) Hidden
LeapFrog Connect (HKLM\...\{9B4D16A7-393F-470C-8B9F-74AE1EA6C105}) (Version: 5.3.0.18537 - LeapFrog) Hidden
LeapFrog Connect (HKLM\...\UPCShell) (Version: 5.3.0.18537 - LeapFrog)
LeapFrog LeapReader Plugin (HKLM\...\{79025845-983F-470A-A60B-42D0D5DD2622}) (Version: 5.2.4.18512 - LeapFrog) Hidden
LeapFrog Tag Plugin (HKLM\...\{35B15182-D134-4F41-82BB-59B83F596487}) (Version: 5.1.26.18340 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6361.48 - PC-Doctor, Inc.)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
Photo Common (HKLM\...\{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM\...\{07AAB66E-4718-422D-9218-4AFB3C922A71}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM\...\{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Poladroid (HKLM\...\{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}) (Version: 0.9.6.0 - Poladroid.net)
QuickSet32 (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.6.18 - Dell Inc.)
QuickTime 7 (HKLM\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
ResearchSoft Direct Export Helper (HKLM\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Seagate Dashboard 2.0 (HKLM\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.2.42.0 - Seagate)
Shared C Run-time for x86 (HKLM\...\{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}) (Version: 10.0.0 - McAfee) Hidden
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
Snagit 10.0.2 (HKLM\...\{92D194E7-AEF9-4A9E-8620-8F3AE712E3F7}) (Version: 10.0.2 - TechSmith Corporation)
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
Syncios version 4.2.7 (HKLM\...\{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1) (Version: 4.2.7 - Anvsoft, Inc.)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM\...\LeapReaderPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM\...\TagPlugin) (Version: 5.1.26.18340 - LeapFrog)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VitalSource Bookshelf (HKLM\...\{f4449697-7673-4d11-b23b-67f894203dc3}) (Version: 6.06.0023 - Ingram Content Group)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Vodafone QuickStart Uninstaller (HKLM\...\{676D78AA-4FD4-405D-8872-E63052EF5716}) (Version: 22.10.2.5011 - Vodafone)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

========================= Devices: ================================

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0001000F_PID&0000\8&1BA04662&0&F8DB7FAFEC34_C00000000
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0001000F_PID&0000\8&1BA04662&0&F8DB7FAFEC34_C00000000
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 70%
Total physical RAM: 3036.86 MB
Available physical RAM: 887.91 MB
Total Virtual: 6072.02 MB
Available Virtual: 4126.61 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:191.58 GB) NTFS
3 Drive e: () (Removable) (Total:7.5 GB) (Free:7.49 GB) FAT32

========================= Users: ========================================

User accounts for \\ELLE-PC

Administrator            Elle                     Guest                    

========================= Restore Points ==================================

02-08-2015 02:44:33 Windows Update
02-08-2015 04:22:46 Restore Operation
02-08-2015 04:52:58 Windows Update
02-08-2015 06:20:22 Installed EndNote X7
03-08-2015 03:12:35 JRT Pre-Junkware Removal
03-08-2015 03:34:52 Restore Operation

**** End of log ****



#5 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:46 AM

Posted 03 August 2015 - 03:46 AM

Hello,

We will uninstall some programs (unwanted / unneeded):

  • Smart Defrag 3

Step 1

Download TFC by OldTimer and save it to your desktop.

Run it as Administrator and click on the Start button.

If the program needs a reboot, allow it to do so.

NOTE: If your desktop disappears, don't panic, it's normal.

Step 2

Scan with Norton Power Eraser

CAUTION: NPE uses aggressive methods to detect and remove malware, so do not touch any of the settings!

Download NPE by Symantec and save it to your desktop.

Run the tool as Administrator, accept the license agreement, and click the Scan button.

The program will ask you to reboot to continue scanning (includes rootkit scan), so allow it to restart.

After the restart the program will automatically launch itself and start scanning. Scanning takes 5-10 minutes, so be patient!

If malware is detected, make sure that the Create restore point option is checked, then click the Fix button. After that, click on Restart now to complete removal.

Step 3

Scan with Malwarebytes AntiRootkit

Please download MBAR and save it to your desktop.

Run the tool as Administrator; the tool will extract itself, and then launch.

Click Next to accept the terms and conditions, and click Update to obtain the latest definitions.

If malware is found, click on the Cleanup button, but make sure that the Create restore point option is checked before proceeding!

The program will ask you to restart; allow it to do so.

Note: If you're experiencing internet connection issues or other anomalies after running MBAR and removal of rootkits, it is recommended to run fixdamage.exe located inside the mbar folder. Run it as Administrator and press Y if it asks whether you want to continue.


#6 ElleBelleAus


Posted 03 August 2015 - 06:03 AM

Hi Firehouse.  Thank you for your assistance.  I am actually happy with Smart defrag, so I have decided against replacing that.  I have scanned with MB rootkit and it came up completely clean.  I'm not sure about using Norton Power eraser....

Elle



#7 Firehouse


Posted 03 August 2015 - 06:10 AM

IObit Software is known for being bloatware; it can do more harm than good. If you want a replacement, use Auslogics Disk Defrag. If you ran MBAR I will need the log about malicious items. NPE is a harmless tool and it's powerful.



#8 ElleBelleAus


Posted 03 August 2015 - 06:22 AM

There was no log for MBAR because it didn't find anything....?

It just said Congratulations no clean up is required! Scan finished, no malware found!


Ok I shall run Norton now....



#9 Firehouse


Posted 03 August 2015 - 06:25 AM

Ok, let me know what NPE found.



#10 ElleBelleAus


Posted 03 August 2015 - 06:43 AM

Only thing Norton came up with was
Risk - registry
Type - system settings
Status - bad

So I'm just repairing that now, what do you think?

#11 ElleBelleAus


Posted 03 August 2015 - 06:49 AM

There is still no Microsoft folder in all programs list along with lots of other programs....

#12 Firehouse


Posted 03 August 2015 - 06:51 AM

How is the situation now? And what do you mean about this Microsoft folder? I can't understand you :)



#13 ElleBelleAus


Posted 03 August 2015 - 06:55 AM

My whole reason for thinking I had malware was because all Microsoft Office programs disappeared from my computer. I reinstalled them but when I search for them from the start menu I cannot find them, but if I open a file related to them then they open, so obviously they are there. Many other programs are not listed in the all programs list either....

#14 Firehouse


Posted 03 August 2015 - 07:12 AM

Can you re-run MiniToolBox with List Installed Programs only? The system is clean, so the only thing that can cause that is that someone else did it. In future use Toolwiz TimeFreeze to prevent unwanted changes to your PC.



#15 ElleBelleAus


Posted 03 August 2015 - 07:15 AM

No one else has access to my computer and I live alone; it all happened after a Windows update. I couldn't do a system restore as all these were also wiped and Malwarebytes wouldn't work and said it had never scanned my computer, which is not the case....just don't understand what happened.
Will rerun MiniToolBox now, the programs are definitely there....



