
SnapDo has installed in IE and in Chrome


12 replies to this topic

#1 No Time For This


Posted 19 July 2013 - 08:42 PM

Hi all,

 

I was using Chrome for a chat session with Constant Contact.  I usually use IE, but have found that Chrome works better when I am using Constant Contact.

 

My chat session crashed twice, and soon after that there was a prompt for an update to Java.  I thought it may be related to the problem that I was having, so I initiated the update.  The Java screens seemed a bit different than what I am used to seeing but I attributed that to the fact that I hardly ever use Chrome, and went ahead and installed.  When it was done, I realized that I had mistakenly let my guard down, and allowed SnapDo to install. 

 

In Chrome, it became the startup page and the home page.  I think that I have eradicated that problem at least for the moment.

 

In IE, it has put hyperlinks on many words across the page, and when you hover on them it shows an add-in called Less Tabs.  For now I have tried disabling that add-in.

 

In IE, it randomly plays a small ad video in the bottom right screen.  This is very disruptive.

 

Any help in eradicating SnapDo (and anything else that it may have brought into my computer) would be appreciated.

 

Thanks,

 

-NTFT-




 


#2 boopme


Posted 19 July 2013 - 09:32 PM

Hello and welcome. Running these should get it out.
The Snap.do website is associated with the Smartbar toolbar for your web browser and contains adware.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

How is it now?

#3 No Time For This


Posted 30 October 2013 - 11:41 AM

Sorry for this delayed response.  True to my name "No Time For This", I have had little time to fix this until now. 

 

I ran the four programs that you recommended, and I am posting the files here.  It seems like Snap.Do is gone, but I think I need to watch it over the next few days before I declare victory. 

 

The only problem I immediately noted may not be related.  The Search Provider in IE is no longer held hostage to Web Search.  Web Search has been removed and replaced with Bing, but I am unable to change it to my preference which is Google.  I get a script error.  If you have any ideas on this error I would love to hear them and give them a try.

 

Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MDDR; .NET4.0C; .NET4.0E; IPH 1.1.21.4019; .NET CLR 2.0.50727)
Timestamp: Wed, 30 Oct 2013 16:28:20 UTC

Message: Script error
Line: 0
Char: 0
Code: 0
URI: http://az307127.vo.msecnd.net/?v=a0d444a_e7ae975679d216836cd7329fa6343870&p=content/js&js=s_code,analytics,gallery,layout,addon_utils,gallery.getie9,gallery.layout,gallery.browse,detail,facebookatlas,gallery.touch

 

 

 

Results from running JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by bxxxxx on Tue 10/29/2013 at 19:54:28.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\bxxxxx.WXXXXX-XXXXX\Application Data\pdfforge"

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/29/2013 at 20:01:36.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

Results from running AdwCleaner:

 

# AdwCleaner v3.010 - Report created 29/10/2013 at 20:04:54
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : bxxxxx - S105
# Running from : C:\Documents and Settings\bxxxxx.WXXXXX-XXXXX\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Installer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\Software\Description
Key Found : HKLM\Software\Magical Jelly Bean\OpenCandy
Key Found : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v28.0.1500.72

*************************

AdwCleaner[R0].txt - [956 octets] - [29/10/2013 20:04:52]

########## EOF - P:\AdwCleaner\AdwCleaner[R0].txt - [956 octets] ##########

 

 

# AdwCleaner v3.010 - Report created 29/10/2013 at 20:07:58
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : bxxxxx - S105
# Running from : C:\Documents and Settings\bxxxxx.WXXXXX-XXXXX\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Installer
Key Deleted : HKLM\Software\Description
Key Deleted : HKLM\Software\Magical Jelly Bean\OpenCandy
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v28.0.1500.72

*************************

AdwCleaner[R0].txt - [1160 octets] - [29/10/2013 20:04:52]
AdwCleaner[S0].txt - [1006 octets] - [29/10/2013 20:07:57]

########## EOF - P:\AdwCleaner\AdwCleaner[S0].txt - [1006 octets] ##########

 

 

 

Results from running Eset:

 

C:\RECYCLER\S-1-5-21-1484529255-2893571230-3708784094-2308\Dc59\SelectionLinks.dll Win32/AdWare.Facetheme.F application cleaned by deleting - quarantined
 

 

 

Results from running MiniToolBox:

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by bxxxxx (administrator) on 30-10-2013 at 07:04:05
Running from "C:\Documents and Settings\bxxxxx.WXXXXX-XXXXX\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: 192.168.1.2:80

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® 82567LM-3 Gigabit Network Connection = Local Area Connection (Connected)

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=static addr=192.168.1.5 register=PRIMARY
add dns name="Local Area Connection" addr=4.2.2.1 index=2
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

 

Windows IP Configuration

 

        Host Name . . . . . . . . . . . . : S105

        Primary Dns Suffix  . . . . . . . : wxxxxx-xxxxx.local

        Node Type . . . . . . . . . . . . : Hybrid

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : wxxxxx-xxxxx.local

                                            wxxxxx-xxxxx.local

 

Ethernet adapter Local Area Connection:

 

        Connection-specific DNS Suffix  . : wxxxxx-xxxxx.local

        Description . . . . . . . . . . . : Intel® 82567LM-3 Gigabit Network Connection

        Physical Address. . . . . . . . . : B8-AC-6F-41-CF-30

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.50

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.5

        DNS Servers . . . . . . . . . . . : 192.168.1.5

                                            4.2.2.1

        Primary WINS Server . . . . . . . : 192.168.1.5

        Lease Obtained. . . . . . . . . . : Tuesday, October 29, 2013 8:11:13 PM

        Lease Expires . . . . . . . . . . : Wednesday, November 06, 2013 8:11:13 PM

Server:  appsrv01.wxxxxx-xxxxx.local
Address:  192.168.1.5

Name:    google.com
Addresses:  74.125.225.46, 74.125.225.39, 74.125.225.37, 74.125.225.36
   74.125.225.40, 74.125.225.32, 74.125.225.34, 74.125.225.35, 74.125.225.38
   74.125.225.33, 74.125.225.41

 

Pinging google.com [74.125.225.46] with 32 bytes of data:

 

Reply from 74.125.225.46: bytes=32 time=7ms TTL=57

Reply from 74.125.225.46: bytes=32 time=7ms TTL=57

 

Ping statistics for 74.125.225.46:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 7ms, Maximum = 7ms, Average = 7ms

Server:  appsrv01.wxxxxx-xxxxx.local
Address:  192.168.1.5

Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.183.24

 

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

 

Reply from 98.138.253.109: bytes=32 time=26ms TTL=54

Reply from 98.138.253.109: bytes=32 time=31ms TTL=54

 

Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 26ms, Maximum = 31ms, Average = 28ms

 

Pinging 127.0.0.1 with 32 bytes of data:

 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...b8 ac 6f 41 cf 30 ...... Intel® 82567LM-3 Gigabit Network Connection - Teefer2 Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50   10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
      192.168.1.0    255.255.255.0     192.168.1.50    192.168.1.50   10
     192.168.1.50  255.255.255.255        127.0.0.1       127.0.0.1   10
    192.168.1.255  255.255.255.255     192.168.1.50    192.168.1.50   10
        224.0.0.0        240.0.0.0     192.168.1.50    192.168.1.50   10
  255.255.255.255  255.255.255.255     192.168.1.50    192.168.1.50   1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/29/2013 08:11:35 PM) (Source: WinVNC4) (User: )
Description: SocketManager: unknown listener event: 0

Error: (10/29/2013 02:29:32 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Bloodhound.MalPE in File: C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1174\A0571580.EXE by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (10/29/2013 02:29:21 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Bloodhound.MalPE in File: C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1174\A0571579.EXE by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (10/29/2013 10:00:21 AM) (Source: WinVNC4) (User: )
Description: ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

Error: (10/29/2013 10:00:21 AM) (Source: WinVNC4) (User: )
Description: ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

Error: (10/29/2013 10:00:21 AM) (Source: WinVNC4) (User: )
Description: ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

Error: (10/29/2013 09:46:14 AM) (Source: Application Hang) (User: )
Description: Hanging application Acrobat.exe, version 9.5.5.316, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/22/2013 05:03:40 PM) (Source: WinVNC4) (User: )
Description: ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

Error: (10/22/2013 05:03:40 PM) (Source: WinVNC4) (User: )
Description: ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

Error: (10/22/2013 05:03:40 PM) (Source: WinVNC4) (User: )
Description: ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

System errors:
=============
Error: (10/29/2013 00:22:44 AM) (Source: NETLOGON) (User: )
Description: The session setup to the Windows NT or Windows 2000 Domain Controller \\appsrv01.wxxxxx-xxxxx.local for the domain WXXXXX-XXXXX
is not responsive.  The current RPC call from Netlogon on \\S105 to \\appsrv01.wxxxxx-xxxxx.local has been cancelled.

Error: (10/28/2013 05:51:52 AM) (Source: TermService) (User: )
Description: The terminal server received large number of incomplete connections.  The system may be under attack.

Error: (10/26/2013 08:18:43 PM) (Source: TermService) (User: )
Description: The terminal server received large number of incomplete connections.  The system may be under attack.

Error: (10/26/2013 00:10:31 PM) (Source: TermService) (User: )
Description: The terminal server received large number of incomplete connections.  The system may be under attack.

Error: (10/23/2013 06:38:19 PM) (Source: TermService) (User: )
Description: The terminal server received large number of incomplete connections.  The system may be under attack.

Error: (10/23/2013 10:14:14 AM) (Source: TermService) (User: )
Description: The terminal server received large number of incomplete connections.  The system may be under attack.

Error: (10/22/2013 09:15:42 PM) (Source: TermService) (User: )
Description: The terminal server received large number of incomplete connections.  The system may be under attack.

Error: (10/22/2013 08:20:24 PM) (Source: 0) (User: )
Description: \Device\TermddX.224

Error: (10/22/2013 08:20:24 PM) (Source: 0) (User: )
Description: \Device\Termdd"DATA ENCRYPTION"

Error: (10/22/2013 08:20:21 PM) (Source: 0) (User: )
Description: \Device\TermddX.224

Microsoft Office Sessions:
=========================
Error: (07/25/2013 09:13:53 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 899 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (07/18/2013 09:07:56 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 790 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (07/11/2013 08:06:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 449 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/03/2013 04:12:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3382 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (07/03/2013 04:11:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10274 seconds with 5220 seconds of active time.  This session ended with a crash.

Error: (05/13/2013 03:37:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10651 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (04/05/2013 10:15:26 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3088 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (01/24/2013 01:30:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 99 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/05/2013 10:40:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 354 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/30/2012 01:43:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 62 seconds with 0 seconds of active time.  This session ended with a crash.

=========================== Installed Programs ============================

2007 Microsoft Office system (Version: 12.0.6612.1000)
ABBYY FineReader for ScanSnap ™ 2.0 (Version: 7.00.1276.4177e)
Adobe Acrobat  9 Standard - English, Français, Deutsch (Version: 9.5.5)
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe AIR (Version: 2.6.0.19120)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
AM-DeadLink 4.1 (Version: 4.1)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Best's Key Rating Guide - P/C, US & Canada, Version 2011 (Version: 8.0.0.8)
BioAPI Framework (Version: 1.0.1)
CCleaner (Version: 2.35)
Cisco WebEx Meetings
Citrix online plug-in (Web) (Version: 12.0.0.6410)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
DCP32MMWrapper (Version: 1.6.453.66)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Delete as Spam Add-in (Version: 2.0.0.82)
Dell Backup and Recovery Manager (Version: 1.2.3)
Dell Control Point (Version: 1.6.453.66)
Dell ControlPoint Security Manager (Version: 1.6.453.66)
Dell Embassy Trust Suite by Wave Systems (Version: 03.05.00.079)
Dell Security Device Driver Pack (Version: 1.4.050)
Directory Report (Version: 33.00.0000)
Document Manager Lite (Version: 06.09.00.147)
Dropbox (Version: 2.4.2)
DYMO Scale Manager (Version: 1.3.0)
EMBASSY Security Center (Version: 04.00.00.071)
EMBASSY Security Setup (Version: 04.00.00.058)
ESC Home Page Plugin (Version: 04.00.00.010)
ESET Online Scanner v3
Express Burn Disc Burning Software
fax@vantage (Version: 4.5.1)
fax@vantage TIFF Printer Driver (Version: 9.41)
Folder Size 1.9.5.0 (Version: 1.9.5.0)
Gemalto (Version: 01.01.00.0000)
Glary Utilities 2.27.0.982 (Version: 2.27.0.982)
Google Chrome (Version: 28.0.1500.72)
Google Update Helper (Version: 1.3.21.165)
GoToMeeting 5.5.0.1132 (Version: 5.5.0.1132)
GoToMyPC (Version: 8.0.943)
IE New Window Maximizer 2.4
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
ImgBurn (Version: 2.5.6.0)
Intel® Network Connections 14.8.43.0 (Version: 14.8.43.0)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
ISO Recorder (Version: 2.0.0)
IsoBuster 2.8 (Version: 2.8)
iTunes (Version: 11.1.1.11)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 14.0.8089.726)
Kaseya Agent (wolleranger_s105.root.activenocontract - 98.103.190.12) (Version: 6.1.0.6)
LiveUpdate 2.6 (Symantec Corporation) (Version: 2.6.18.0)
Lookout (Version: 1.2)
Lookout (Version: 1.3.0)
Magical Jelly Bean KeyFinder (Version: 2.0.8.1)
Malwarebytes' Anti-Malware
MFCLOC (Version: 1.00.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Basic 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Outlook 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.6029.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual J# 2.0 Redistributable Package - SE
Microsoft Visual J# 2.0 Redistributable Package - SE (Version: 2.0.50728)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Word Viewer 97
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0)
NTRU TCG Software Stack (Version: 2.1.29)
NVIDIA Drivers (Version: 1.10.57.35)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PaperPort 9.0 (Version: 9.01.0000)
Password Tracker Deluxe 3.63
PDFCreator (Version: 1.4.3)
Photo Story 3 for Windows (Version: 3.0.1115.11)
Policies Now 6
PowerDVD DX (Version: 8.2.5024)
Preboot Manager (Version: 03.00.00.085)
Private Information Manager (Version: 06.04.00.057)
Progressive Downloader Plus (Version: 3.0.0.2)
QuickBooks (Version: 21.0.4013.904)
QuickBooks Pro 2011 (Version: 21.0.4013.904)
Quicken 2003 Deluxe (Version: 12.00.0000)
Quicken Deluxe 2000
QuickTime (Version: 7.74.80.86)
Rapport (Version: 3.5.1302.61)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE 10.3 (Version: 10.3)
Roxio Creator DE 10.3 (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio Update Manager (Version: 6.0.0)
ScanSnap Manager
ScanSnap Organizer
Screensaver Operations (Version: 1.3.3.0)
Security Wizards (Version: 01.07.00.023)
Segoe UI (Version: 14.0.4327.805)
Shadow Copy Client (Version: 5.2.01)
Snagit 11 (Version: 11.2.0)
Snagit Stamps Accents (Version: 1.0.0.0)
Snagit Stamps Accents_bw (Version: 1.0.0.0)
Snagit Stamps Accents-large (Version: 1.0.0.0)
Snagit Stamps Arrows (bw) (Version: 1.0.0.0)
Snagit Stamps Arrows-large (Version: 1.0.0.0)
Snagit Stamps Arrows-large_bw (Version: 1.0.0.0)
Snagit Stamps BracketsBraces (Version: 1.0.0.0)
Snagit Stamps Circle (Version: 1.0.0.0)
Snagit Stamps Document (Version: 1.0.0.0)
Snagit Stamps GeneratedStamps (Version: 1.0.0.0)
Snagit Stamps Hand-Drawn (Version: 1.0.0.0)
Snagit Stamps ProofreaderMarks (Version: 1.0.0.0)
Snagit Stamps Rounded (Version: 1.0.0.0)
SO32MMWrapper (Version: 1.6.453.66)
SRWare Iron 16.0.950.0
ST Microelectronics TPM Driver Installer (Version: 1.04.15)
SupportSoft Assisted Service (Version: 15)
swMSM (Version: 12.0.0.1)
Symantec Endpoint Protection (Version: 12.1.2015.2015)
Symantec Ghost Console Client (Version: 83.00.1331)
Transfer Manager.NET (Version: 3.4.0)
Trusted Drive Manager (Version: 3.3.0.396)
Trusteer Endpoint Protection (Version: 3.5.1302.61)
tsp patch (Version: 01.00.00.0000)
UltraMon (Version: 2.6.23.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982664) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0)
User Mode Process Dumper
VMware vCenter Converter Standalone (Version: 5.0.0.470252)
VMware vSphere Client 5.0 (Version: 5.0.0.16964)
VNC 3.3.7 (Version: 3.3.7)
VNC Neighborhood (Version: 1.1.8)
Wave Infrastructure Installer (Version: 07.01.19.0000)
Wave Support Software (Version: 05.10.00.062)
WebFldrs XP (Version: 9.50.7523)
WinDirStat 1.1.2
Windows Driver Package - Citrix Systems monblanking Citrix Driver  (06/26/2012 6.3.0.48) (Version: 06/26/2012 6.3.0.48)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6)
Windows Driver Package - STMicroelectronics (stmtpm) System  (05/24/2007 1.00.04.15) (Version: 05/24/2007 1.00.04.15)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.95)
Windows Rights Management Client with Service Pack 2 (Version: 5.2.95)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
WinSPM
XML Paper Specification Shared Components Pack 1.0
Yrefresher 1.00

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 3325.52 MB
Available physical RAM: 1833.3 MB
Total Pagefile: 5206.7 MB
Available Pagefile: 3757 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.27 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:148.9 GB) (Free:79.8 GB) NTFS
2 Drive d: (Oct 03 2013) (CDROM) (Total:2.57 GB) (Free:0 GB) UDF
3 Drive e: (My Book) (Fixed) (Total:465.75 GB) (Free:23.56 GB) NTFS
4 Drive f: (Data) (Network) (Total:400 GB) (Free:70.63 GB) NTFS
5 Drive h: (Data) (Network) (Total:400 GB) (Free:70.63 GB) NTFS
10 Drive p: (Data) (Network) (Total:400 GB) (Free:70.63 GB) NTFS
11 Drive q: (Data) (Network) (Total:400 GB) (Free:70.63 GB) NTFS
12 Drive r: (Data) (Network) (Total:400 GB) (Free:70.63 GB) NTFS
13 Drive s: (Data) (Network) (Total:400 GB) (Free:70.63 GB) NTFS
14 Drive u: (Data) (Network) (Total:400 GB) (Free:70.63 GB) NTFS
15 Drive v: (Data) (Network) (Total:400 GB) (Free:70.63 GB) NTFS
16 Drive w: (Spare) (Network) (Total:75 GB) (Free:29.46 GB) NTFS
17 Drive x: (Data) (Network) (Total:400 GB) (Free:70.63 GB) NTFS
18 Drive y: (System) (Network) (Total:100 GB) (Free:25.4 GB) NTFS
19 Drive z: (Data) (Network) (Total:400 GB) (Free:70.63 GB) NTFS

========================= Users: ========================================

User accounts for \\S105

___VMware_Conv_SA___     Administrator            ASPNET                  
Guest                    HelpAssistant            QBDataServiceUser21     
SUPPORT_388945a0        

**** End of log ****

 

 

Thank you for your help.  Let me know if you see anything else here.

- No Time For This -



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,898 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:35 AM

Posted 30 October 2013 - 08:55 PM

Hello, let's fix a few things and see how it is.
What antivirus are you using?

These are outdated and can also allow malware to get in.
In Control Panel, uninstall these...
Adobe Acrobat 9.5.5 - CPSID_83708
Java 7 Update 25 (Version: 7.0.250)

Reboot the machine

Install
Adobe Reader Version XI (11.0.04)
Java Version 7 Update 45 from HERE by selecting the Windows Offline (32-bit) option.

NOTE: Uncheck any extras such as this before installing

Optional offer:


Yes, install Google Chrome as my default browser and Google Toolbar for Internet Explorer.





>>>>>

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button.

Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button.

Go to Step 4 and under "System Restore" click on the Create button.

Go to the Start Repairs tab and click the Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on the Start button.

Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 No Time For This

Posted 21 November 2013 - 05:32 PM

I am using Symantec Endpoint Protection v12.1.

Unfortunately I need to hang on to Adobe Acrobat as there are some things that I need that Adobe Reader cannot do for me.

I did make sure that my Adobe Reader is updated to v11.0.

I updated Java to v7 u45, without the extra goodies.

I downloaded and ran Windows Repair.  I had trouble with one of the steps, so I skipped to the next step (I can’t find my notes now on which step caused problems).  Somehow I ended up with two Windows Repair Logs, so I will post them both.

First log:


Starting Repairs...
   Start (11/19/2013 10:49:00 AM)

01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (11/19/2013 10:49:00 AM)
   Running Repair Under Current User Account
   Done (11/19/2013 10:49:06 AM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (11/19/2013 10:49:06 AM)
   Running Repair Under System Account
   Done (11/19/2013 10:50:17 AM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (11/19/2013 10:50:17 AM)
   Running Repair Under System Account
   Done (11/19/2013 10:51:04 AM)

03 - Register System Files
   Start (11/19/2013 10:51:04 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 10:53:57 AM)

04 - Repair WMI
   Start (11/19/2013 10:53:57 AM)
   Running Repair Under Current User Account
   Done (11/19/2013 10:57:37 AM)

05 - Repair Windows Firewall
   Start (11/19/2013 10:57:37 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 10:57:49 AM)

06 - Repair Internet Explorer
   Start (11/19/2013 10:57:50 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:00:48 AM)

07 - Repair MDAC/MS Jet
   Start (11/19/2013 11:00:48 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:01:16 AM)

08 - Repair Hosts File
   Start (11/19/2013 11:01:16 AM)
   Running Repair Under System Account
   Done (11/19/2013 11:01:19 AM)

09 - Remove Policies Set By Infections
   Start (11/19/2013 11:01:19 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:01:23 AM)

11 - Repair Icons
   Start (11/19/2013 11:01:23 AM)
   Running Repair Under System Account
   Done (11/19/2013 11:01:26 AM)

12 - Repair Winsock & DNS Cache
   Start (11/19/2013 11:01:26 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:01:36 AM)

14 - Repair Proxy Settings
   Start (11/19/2013 11:01:36 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:01:41 AM)

16 - Repair Windows Updates
   Start (11/19/2013 11:01:41 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:02:34 AM)

17 - Repair CD/DVD Missing/Not Working
   Start (11/19/2013 11:02:34 AM)
   Done (11/19/2013 11:02:34 AM)

18 - Repair Volume Shadow Copy Service
   Start (11/19/2013 11:02:34 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:03:05 AM)

20 - Repair MSI (Windows Installer)
   Start (11/19/2013 11:03:05 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:03:21 AM)

22.01 - Repair bat Association
   Start (11/19/2013 11:03:21 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:03:26 AM)

22.02 - Repair cmd Association
   Start (11/19/2013 11:03:26 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:03:31 AM)

22.03 - Repair com Association
   Start (11/19/2013 11:03:31 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:03:35 AM)

22.04 - Repair Directory Association
   Start (11/19/2013 11:03:35 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:03:40 AM)

22.05 - Repair Drive Association
   Start (11/19/2013 11:03:40 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:03:45 AM)

22.06 - Repair exe Association
   Start (11/19/2013 11:03:45 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:03:49 AM)

22.07 - Repair Folder Association
   Start (11/19/2013 11:03:49 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:03:54 AM)

22.08 - Repair inf Association
   Start (11/19/2013 11:03:54 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:03:59 AM)

22.09 - Repair lnk (Shortcuts) Association
   Start (11/19/2013 11:03:59 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:04:03 AM)

22.10 - Repair msc Association
   Start (11/19/2013 11:04:03 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:04:08 AM)

22.11 - Repair reg Association
   Start (11/19/2013 11:04:08 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:04:13 AM)

22.12 - Repair scr Association
   Start (11/19/2013 11:04:13 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:04:17 AM)

23 - Repair Windows Safe Mode
   Start (11/19/2013 11:04:17 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:04:22 AM)

24 - Repair Print Spooler
   Start (11/19/2013 11:04:22 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:04:35 AM)

25 - Restore Important Windows Services
   Start (11/19/2013 11:04:35 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/19/2013 11:04:44 AM)

26 - Set Windows Services To Default Startup
   Start (11/19/2013 11:04:44 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account

 

Second Log

 

   Done (11/19/2013 11:05:08 AM)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 5.1

Cleaning up empty logs...

All Selected Repairs Done.
   Done (11/19/2013 11:05:08 AM)
   Total Repair Time: 00:16:08

...YOU MUST RESTART YOUR SYSTEM...

 

Do all of these logs look clean?  Anything else I need to do or be concerned about?



#6 boopme

Posted 21 November 2013 - 10:03 PM

Ok, this looks good. Yes, keep Acrobat; it was Reader we wanted to fix.

Last....

Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can re-infect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.

Vista and Windows 7 users can refer to these links:
  • Create a New Restore Point in Vista
  • Create a New Restore Point in Windows 7 (alternate method)
  • Disk Cleanup in Vista
  • Disk Cleanup in Windows 7

Reboot and see how it is.

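A scripted form of the restore-point steps in the post above, as an added example that is not part of the thread or of any tool it mentions. It assumes an elevated Windows PowerShell (2.0 to 5.1) session on a client edition of Windows with System Restore enabled; the `$Description` parameter and its default text are hypothetical.

```powershell
# Added example: create a fresh restore point after cleanup, then remove every
# older restore point so a pre-cleanup snapshot cannot be restored by accident.
# Supports -WhatIf and prompts before each removal (ConfirmImpact = High).
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    # Hypothetical label for the new restore point; choose your own.
    [string]$Description = 'Clean baseline after malware removal'
)

$ErrorActionPreference = 'Stop'

# System Restore changes require administrator rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

# SRRemoveRestorePoint (srclient.dll) is the Win32 call that deletes one restore
# point by sequence number; Windows PowerShell has no cmdlet for this.
Add-Type -Namespace SysRestore -Name Native -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern uint SRRemoveRestorePoint(uint dwRPNum);
'@

# Record which restore points exist before the new one is created.
$before = @(Get-ComputerRestorePoint | ForEach-Object { $_.SequenceNumber })

# Step 1: create the new restore point AFTER the system has been cleaned.
Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

# Verify that a new point really exists before touching anything older.
# Newer Windows versions may decline to create a point if one was made recently.
$all = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
$new = $all | Where-Object { $before -notcontains $_.SequenceNumber } |
       Select-Object -Last 1
if (-not $new) {
    throw 'No new restore point was created; older points were left untouched.'
}

# Step 2: remove every restore point older than the one just created.
$old = @($all | Where-Object { $_.SequenceNumber -lt $new.SequenceNumber })
foreach ($rp in $old) {
    $label = '#{0} "{1}"' -f $rp.SequenceNumber, $rp.Description
    if ($PSCmdlet.ShouldProcess($label, 'Remove restore point')) {
        $rc = [SysRestore.Native]::SRRemoveRestorePoint([uint32]$rp.SequenceNumber)
        if ($rc -ne 0) {
            Write-Warning "Could not remove $label (Win32 error $rc)"
        }
    }
}

# Show what is left; only the new restore point should remain.
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, CreationTime, Description -AutoSize
```

Running it with `-WhatIf` lists the restore points that would be removed without deleting any of them.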

#7 No Time For This

Posted 25 November 2013 - 11:36 AM

Okay, the System Restore has been done as outlined and computer rebooted.  Everything seems good with one exception.

 

During the Snap.Do infection period, the Search Box in the upper right corner of IE had also been taken over by Snap.Do.  Now, the search provider is Bing, which is okay, but my first choice is Google.  If I click on the down arrow next to the search box and choose Manage Search Providers, Bing is the only one listed.  I can click to Find More Search Providers which opens the Internet Explorer Gallery.  I choose Google Search and it opens up a window showing Google Search with a button to Add to Internet Explorer.  When I click that button I get an error in the bottom left status area of IE showing Error on Page.  When I click details it shows:

 

Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MDDR; .NET4.0C; .NET4.0E; IPH 1.1.21.4019; .NET CLR 2.0.50727)
Timestamp: Mon, 25 Nov 2013 16:35:04 UTC

Message: Script error
Line: 0
Char: 0
Code: 0
URI: http://az307127.vo.msecnd.net/?v=2beff81_e7ae975679d216836cd7329fa6343870&p=content/js&js=s_code,analytics,gallery,layout,addon_utils,gallery.getie9,gallery.layout,gallery.browse,detail,facebookatlas,gallery.touch

 

Any thoughts on how to fix this final piece of the Snap.Do infection?

 

- No Time For This -



#8 boopme

Posted 25 November 2013 - 09:58 PM

Hello, this looks like the fix here

 

 

It requires editing the registry. Before attempting the fix...

Modifying the registry

Modifying the registry can be dangerous (and can render your system unbootable) so it's advisable that you make a backup of the registry before proceeding. Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry

  • Go Here and download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

Registry Modifications

For more information about modifying the registry, see this Microsoft article: http://support.microsoft.com/default.aspx/kb/256986

 

 

 

If you have questions about doing the fix, please ask in the XP forum as they are more familiar with XP registry than I.



#9 No Time For This

Posted 26 November 2013 - 08:55 PM

I edited the registry, deleting any of the items that were highlighted in red.  After rebooting, I tried again to load Google as a Search Provider, and received the same Error on Page.  Here are the error details:

 

Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MDDR; .NET4.0C; .NET4.0E; IPH 1.1.21.4019)
Timestamp: Wed, 27 Nov 2013 01:53:33 UTC

Message: Script error
Line: 0
Char: 0
Code: 0
URI: http://az307127.vo.msecnd.net/?v=2beff81_e7ae975679d216836cd7329fa6343870&p=content/js&js=s_code,analytics,gallery,layout,addon_utils,gallery.getie9,gallery.layout,gallery.browse,detail,facebookatlas,gallery.touch

 

Any further ideas?

 

- NTFT -



#10 boopme

Posted 26 November 2013 - 09:04 PM

Try one more thing: reinstall FF.
 
Clean reinstall of Firefox?

#11 No Time For This

Posted 05 December 2013 - 11:46 AM

I do not have FF installed, so that can't be the problem.



#12 boopme

Posted 05 December 2013 - 03:07 PM

I saw this above... User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1;

 

Did you back up the registry, per post 8? As it needs an edit.



#13 boopme

Posted 05 December 2013 - 08:53 PM

Since it is not your webpage, disable the notification.
Turn off script debugging and notifications in Internet Explorer

What should you do about Internet Explorer script errors



