"Conduit Search" has hijacked web browsers


13 replies to this topic

#1 kkrieger36


Posted 20 April 2014 - 08:43 PM

All of my web browsers have been hijacked by Conduit Search.  I ran MAB, but that turned up nothing.  I deleted it from programs, but it later reappeared.  Any help that you can offer will be greatly appreciated.
Thank you,
Ken

Edited by Queen-Evie, 20 April 2014 - 08:58 PM.
moved from Vista to the appropriate forum



 


#2 IndiGamer


Posted 20 April 2014 - 09:46 PM

Hello, I'm Indi. I'll be here to assist you.

 

Please follow my steps in the order I post them, as removal can be much more difficult if you don't.

 

Please download Malwarebytes Anti-Malware Here: https://www.malwarebytes.org/getmbam

 

Run a full scan, and remove all items found. Once you have done this, please tell me so.


Owner of NFinite Tech, website coming soon.

 


 


#3 dc3


Posted 21 April 2014 - 12:06 PM

The search conduit can be safely removed using AdwCleaner.

 

Removing from the Control Panel leads to problems with computers running XP.

 

Please download AdwCleaner and run it.
 
An image like the one below will open, click on Scan.
 
adwcleaner11_zps48314883.png
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on Ok.
 
When the cleaning process is complete, a log of what was removed will be presented.  Please copy and then paste this log in your next post.
 
 
I don't know which version of Malwarebytes IndiGamer is suggesting that you run, but the new version has the chameleon mode incorporated in it which will allow it to run in situations where malware may try to keep it from running.  So here are the instructions for running the new version.
 

 
Please download Malwarebytes Anti-Malware.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.

Edited by dc3, 21 April 2014 - 02:05 PM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 kkrieger36


Posted 21 April 2014 - 02:31 PM

Dear Indi,

I ran Malwarebytes as you instructed and removed all items found.  There was a message posted after yours indicating another action, but the message was not from you, so I have not followed those instructions unless you direct me to.  I will wait for your reply before proceeding.

Thank you!  Ken



#5 dc3


Posted 21 April 2014 - 03:30 PM

kkrieger36

 

IndiGamer omitted a very important request, which is to post the Malwarebytes log.  This log will show what types of potential or real problems it found.  This will enable others to understand what tools will be needed in order to clean your computer, or determine that the infections will require tools which can not be used in this forum and will request that this topic be moved to a more appropriate forum.

 

To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.


 

 

 

 


#6 Queen-Evie


Posted 21 April 2014 - 04:27 PM

There is no need for you to wait for a reply by IndiGamer.

Please do what dc3 suggested. Post the logs for both AdwCleaner and Malwarebytes.
Those logs often contain entries and clues which will help us help you more effectively.

Am I Infected is an open forum. Anyone can reply to posts made here.

Please read this http://www.bleepingcomputer.com/forums/t/182397/am-i-infected-what-do-i-do-how-do-i-get-help-who-is-helping-me/

Am I Infected is closely monitored to make sure those with issues are receiving the best help available. In addition to the trusted groups listed, there are others who are very good at malware removal. The majority of them will have high post counts and you can check out their work in AII.

In no way am I calling into question the help you are receiving from IndiGamer. We do get new helpers from time to time and they turn out to be good at helping posters to get rid of malware and infections.

Edited by Queen-Evie, 21 April 2014 - 04:45 PM.


#7 kkrieger36


Posted 21 April 2014 - 06:42 PM

This is from AdwCleaner:
# AdwCleaner v3.103 - Report created 21/04/2014 at 18:11:47
# Updated 21/04/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Ken - KEN-PC
# Running from : C:\Users\Ken\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\TidyNetwork
Folder Deleted : C:\Users\Ken\AppData\Local\apn
Folder Deleted : C:\Users\Ken\AppData\Local\Conduit
Folder Deleted : C:\Users\Ken\AppData\Local\PackageAware
Folder Deleted : C:\Users\Ken\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Ken\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ken\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Ken\AppData\Roaming\goforfiles
File Deleted : C:\END
File Deleted : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\7raao2qp.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\7raao2qp.default\searchplugins\conduit-search.xml
File Deleted : C:\Windows\System32\Tasks\GoforFilesUpdate
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E0B5B778-26C6-4A9D-873B-796E585E8722}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0B5B778-26C6-4A9D-873B-796E585E8722}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Discount Buddy
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16545
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\7raao2qp.default\prefs.js ]
 
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke New Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN13479069502959021&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289847");
Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Deleted : user_pref("extensions.crossrider.bic", "13d3d09562c0310acd066335993d6521");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN13479069502959021&UM=2&q=");
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Line Deleted : user_pref("smartbar.originalSearchEngine", "");
 
[ File : C:\Users\Kriegers\AppData\Roaming\Mozilla\Firefox\Profiles\41n82d9w.default\prefs.js ]
 
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Kriegers\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5316 octets] - [21/04/2014 18:02:40]
AdwCleaner[S0].txt - [5385 octets] - [21/04/2014 18:11:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5445 octets] ##########
 
This is from Malwarebytes:
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/21/2014
Scan Time: 7:26:56 PM
Logfile: malware txt.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.21.07
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Ken
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 274595
Time Elapsed: 58 min, 28 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Magoo, HKU\S-1-5-21-2887566085-2129258759-1439649896-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AEB04B5E-C981-47A9-B847-33EE4C92F6B9}, Quarantined, [85765ece3c3f38fe3fcdf13d818134cc], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.DiamonData.A, C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\7raao2qp.default\extensions\firefox@diamondata.net.xpi, Quarantined, [11eae349502bd462a4599ed654ae956b], 
PUP.Optional.Conduit.A, C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3321972&octid=EB_ORIGINAL_CTID&ISID=M9619EFCF-9AA9-47A6-8F0F-72D041DCE978&SearchSource=55&CUI=&UM=5&UP=SP598E3F07-DFD5-41DB-93C0-5A599C916833&SSPV=", "http://search.conduit.com/?gd=&ctid=CT3321972&octid=EB_ORIGINAL_CTID&ISID=M9619EFCF-9AA9-47A6-8F0F-72D041DCE978&SearchSource=55&CUI=&UM=5&UP=SP598E3F07-DFD5-41DB-93C0-5A599C916833&SSPV=", "http://us.yhs4.search.yahoo.com/?hspart=avast&hsimp=yhs-001&type=avastbcl", "https://mail.google.com/mail/#inbox" ],), Replaced,[e5167daf1665bd79907e490d64a06e92]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
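
A check for the leftover browser settings that the logs in the post above show being cleaned (Chrome's `startup_urls` in `Preferences`, Firefox `user_pref` lines in `prefs.js`), as an added example that is not part of the original thread. The sample file contents, the placeholder CTID `CT0000000` and the function names are constructed for illustration; the script looks for any `startup_urls` key instead of assuming where Chrome stores it.

```python
"""Audit browser preference files for leftover search-hijacker settings."""
import json
import re
from urllib.parse import urlparse

# Hosts to flag; search.conduit.com is the host that appears in the logs above.
SUSPECT_DOMAINS = ("conduit.com",)
# Substrings to flag in Firefox pref names or values (seen in the AdwCleaner log).
SUSPECT_WORDS = ("conduit", "smartbar")

# One prefs.js entry has the form: user_pref("name", value);
USER_PREF = re.compile(r'^user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')


def host_is_suspect(url):
    """True if the URL's host is a suspect domain or one of its subdomains."""
    try:
        host = (urlparse(url).hostname or "").lower()
    except ValueError:  # malformed URL: nothing to match against
        return False
    return any(host == d or host.endswith("." + d) for d in SUSPECT_DOMAINS)


def find_startup_urls(node, path=""):
    """Yield (json_path, url) for every entry of any "startup_urls" list."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key == "startup_urls" and isinstance(value, list):
                for url in value:
                    if isinstance(url, str):
                        yield here, url
            else:
                yield from find_startup_urls(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_startup_urls(item, f"{path}[{i}]")


def audit_chrome_preferences(text):
    """Return (json_path, url) pairs for suspect startup pages in Chrome Preferences."""
    prefs = json.loads(text)
    return [(p, u) for p, u in find_startup_urls(prefs) if host_is_suspect(u)]


def audit_firefox_prefs(text):
    """Return (line_number, pref_name) for prefs.js entries mentioning a suspect word."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = USER_PREF.match(line.strip())
        if not match:
            continue  # comments and blank lines
        name, raw_value = match.group(1), match.group(2)
        blob = (name + " " + raw_value).lower()
        if any(word in blob for word in SUSPECT_WORDS):
            hits.append((lineno, name))
    return hits


# Constructed sample of a Chrome "Preferences" file (JSON), not taken from a real profile.
SAMPLE_CHROME_PREFERENCES = json.dumps({
    "homepage": "https://www.google.com/",
    "session": {
        "restore_on_startup": 4,
        "startup_urls": [
            "http://search.conduit.com/?ctid=CT0000000&SearchSource=55",
            "https://mail.google.com/mail/#inbox",
        ],
    },
})

# Constructed sample of a Firefox prefs.js, using pref names that appear in the log.
SAMPLE_FIREFOX_PREFS = '''\
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaultenginename", "Conduit Search");
user_pref("Smartbar.keywordURLSelectedCTID", "CT0000000");
user_pref("extensions.lastAppVersion", "28.0");
'''

if __name__ == "__main__":
    for path, url in audit_chrome_preferences(SAMPLE_CHROME_PREFERENCES):
        print(f"Chrome  {path}: {url}")
    for lineno, name in audit_firefox_prefs(SAMPLE_FIREFOX_PREFS):
        print(f"Firefox prefs.js line {lineno}: {name}")
```

Each Windows account and browser profile has its own copy of these files (the logs above list both `C:\Users\Ken` and `C:\Users\Kriegers`), so the check has to be run against every profile.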


#8 IndiGamer


Posted 21 April 2014 - 07:12 PM

Thanks guys for helping me solve this guy's problem. I have been on vacation recently, and actually, I have another recommendation. I created a program that resets your browser. If you want, I can give you the program to fully remove conduit. Has conduit gone away? Please download AdwCleaner at the downloads section of this website. Create a system restore point, because you might delete a software you needed on accident. Run the program and remove all the items found. Post the log found in the AdwCleaner folder.


 


#9 IndiGamer


Posted 21 April 2014 - 07:14 PM

Never mind! Your computer seems to be clean. Is conduit appearing as your default page anymore?


 


#10 kkrieger36


Posted 21 April 2014 - 07:22 PM

Yes, Search Conduit is still appearing as my default page.



#11 dc3


Posted 22 April 2014 - 09:22 AM

AdwCleaner usually removes Search Conduit... usually.

 

Open the Control Panel, click on Programs and Features, then look for Search Protect by Conduit, ValueApps, Conduit Toolbar.  If any of these are found, uninstall them.

 

It will also be necessary to remove it from the browser/s that you use, please post the browser/s you use.  For this I would like for you to run two programs and then post the logs.

 

Please download and install Speccy to provide us with information about your computer.  When FileHippo opens, click on Download latest version in the upper right pane.
 
When Speccy opens you will see a screen similar to the one below.
 
speccy9_zps2d9cdedc.png
 
Click on File which is outlined in red in the screen above, and then click on Publish Snapshot.
 
The following screen will appear, click on Yes.
 
speccy7_zpsfa02105f.png
 
The following screen will appear, click on Copy to Clipboard.
 
speccy3_zps1791b093.png
 
In your next post right click inside the Reply to Topic box, then click on Paste.  This will load a link to the Speccy log.
 
 

Please download MiniToolBox, save it to your desktop and run it.
 
 Checkmark the following checkboxes:
 
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 
 Click on Go to start the scan.  Once it is finished highlight the text, copy it and paste it in your next post.

Edited by dc3, 22 April 2014 - 09:55 AM.


 

 

 

 


#12 dc3


Posted 22 April 2014 - 10:10 AM

"I created a program that resets your browser. If you want, I can give you the program to fully remove conduit."

 

 

I would suggest you post this in the Programming forum, this would be the appropriate forum and would be viewed by members who would be interested in this.



 

 

 

 


#13 kkrieger36


Posted 23 April 2014 - 07:18 AM

dc3,

Thank you!  Here is the info from the two programs that you told me to run:

 

http://speccy.piriform.com/results/O2KLcdQpxqAAAPgEVqlxxYW

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Ken (administrator) on 23-04-2014 at 08:16:23
Running from "C:\Users\Ken\Downloads"
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (04/23/2014 08:13:35 AM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (04/22/2014 09:04:57 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(8c:7b:9d:ad:7f:fc@fe80::8e7b:9dff:fead:7ffc._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/22/2014 09:02:46 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
 
Error: (04/22/2014 09:02:45 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
 
Error: (04/22/2014 09:02:45 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22
 
Error: (04/22/2014 09:02:45 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21
 
Error: (04/22/2014 09:02:45 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20
 
Error: (04/22/2014 09:02:45 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19
 
Error: (04/22/2014 09:02:45 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18
 
Error: (04/22/2014 09:02:45 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17
 
 
System errors:
=============
Error: (04/23/2014 04:59:32 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (04/22/2014 09:36:18 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (04/21/2014 07:34:40 PM) (Source: Service Control Manager) (User: )
Description: Null
SASDIFSV
SASKUTIL
 
Error: (04/21/2014 07:34:38 PM) (Source: Service Control Manager) (User: )
Description: MSCamSvc
 
Error: (04/21/2014 07:34:23 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
 
Error: (04/21/2014 06:18:43 PM) (Source: Service Control Manager) (User: )
Description: Windows Modules Installer%%1053
 
Error: (04/21/2014 06:18:43 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Modules Installer
 
Error: (04/21/2014 06:18:43 PM) (Source: DCOM) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (04/21/2014 06:15:49 PM) (Source: Service Control Manager) (User: )
Description: Null
SASDIFSV
SASKUTIL
 
Error: (04/21/2014 06:15:48 PM) (Source: Service Control Manager) (User: )
Description: MSCamSvc
 
 
Microsoft Office Sessions:
=========================
Error: (04/23/2014 08:13:35 AM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (04/22/2014 09:04:57 PM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(8c:7b:9d:ad:7f:fc@fe80::8e7b:9dff:fead:7ffc._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (04/22/2014 09:02:46 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
 
Error: (04/22/2014 09:02:45 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
 
Error: (04/22/2014 09:02:45 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22
 
Error: (04/22/2014 09:02:45 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21
 
Error: (04/22/2014 09:02:45 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20
 
Error: (04/22/2014 09:02:45 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19
 
Error: (04/22/2014 09:02:45 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18
 
Error: (04/22/2014 09:02:45 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-04-23 07:56:56.443
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-23 07:56:53.563
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-23 07:31:50.995
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-23 07:31:46.646
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-23 07:31:41.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-23 07:31:36.680
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-23 02:59:26.643
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-23 02:59:25.793
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-23 02:59:24.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-23 02:59:24.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
µTorrent (Version: 3.3.2.30380)
32 Bit HP CIO Components Installer (Version: 1.0.0)
7-Zip 9.20
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Flash Player 12 Plugin (Version: 12.0.0.77)
Adobe Reader 9.5.5 (Version: 9.5.5)
AIO_CDA_ProductContext (Version: 82.0.233.000)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 9.0.2018)
Bonjour (Version: 3.0.0.10)
C6100 (Version: 82.0.233.000)
c6100_Help (Version: 82.0.233.000)
Canon Easy-WebPrint EX
Canon IJ Scan Utility
Canon MP230 series MP Drivers (Version: 1.00)
Canon MP230 series On-screen Manual (Version: 7.5.0)
Canon MP230 series User Registration
Canon My Image Garden (Version: 1.0.0)
Canon My Image Garden Design Files (Version: 1.0.0)
Canon My Printer (Version: 3.0.0)
Canon Quick Menu (Version: 2.0.0)
CCleaner (Version: 3.28)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant D850 PCI V.92 Modem (Version: 7.74.00)
Convert XLS
ConvertXtoDVD 4.1.9.347 (Version: 4.1.9.347)
CustomerResearchQFolder (Version: 1.00.0000)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Best of Web (Version: 1.00.0000)
Dell Dock (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Version: 2.1.08060)
DeviceManagementQFolder (Version: 1.00.0000)
Digital Line Detect (Version: 1.21)
DocProcQFolder (Version: 1.00.0000)
Dropbox (Version: 2.4.11)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EDocs
eSupportQFolder (Version: 1.00.0000)
Facebook Video Calling 2.0.0.447 (Version: 2.0.447)
FlashFXP 4 (Version: 4.4.3.2031)
Google Chrome (Version: 34.0.1847.116)
Google Earth Plug-in (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.23.9)
GoToAssist 8.0.0.514
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
Grand Theft Auto
GTA2 (Version: 1.00.001)
HP Driver Diagnostics (Version: 1.03.0005)
HP Photosmart Essential (Version: 1.12.0.46)
HP Product Detection (Version: 10.7.8.0)
HP Update (Version: 4.000.005.006)
HPSSupply (Version: 2.1.3.0000)
IHA_MessageCenter (Version: 1.8.70)
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 7 (Version: 1.6.0.70)
Malwarebytes Anti-Malware version 2.0.1.1004 (Version: 2.0.1.1004)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Corporation (Version: 9.0.30729.1)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel Viewer (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works 6-9 Converter (Version: 9.7.0621)
mIRC (Version: 7.29)
MobileMe Control Panel (Version: 3.1.5.0)
Modem Diagnostic Tool (Version: 1.0.24.0)
Mozilla Firefox 28.0 (x86 en-US) (Version: 28.0)
Mozilla Maintenance Service (Version: 28.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Musicnotes Software Suite 1.4.6 (Version: 1.4.6)
NetWaiting (Version: 2.5.53)
NVIDIA Drivers
NVIDIANetworkDiagnostic (Version: 1.00.0000)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
ooVoo (Version: 3.5.1072)
PhotoCardMaker 1.0.2
PowerDVD (Version: 8.0)
QuickTime (Version: 7.73.80.64)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
Realtek High Definition Audio Driver
RealUpgrade 1.1 (Version: 1.1.0)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Safari (Version: 5.34.57.2)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Sibelius Scorch (ActiveX Only) (Version: 6.2.0)
Skype Click to Call (Version: 5.9.9216)
Skype™ 6.11 (Version: 6.11.102)
Speccy (Version: 1.25)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spotify (Version: 0.9.8.296.g91f68827)
SUPERAntiSpyware Free Edition (Version: 4.37.0.1000)
System Checkup 3.4 (Version: 3.4.0.47)
TeamViewer 8 (Version: 8.0.22298)
Turbo Booster for uTorrent (Version: 4.2.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
VLC media player 2.0.0 (Version: 2.0.0)
VSO ConvertXToDVD (Version: 5.1.0.2)
Vz In Home Agent (Version: 8.03.61)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
Xilisoft DVD Ripper Ultimate (Version: 7.7.2.20130508)
Xilisoft Video Converter Ultimate (Version: 7.7.1.20130111)
YNAB 3 (Version: 3.5.3)
YNAB 3 (Version: 3.5.3.4)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 64%
Total physical RAM: 3517.57 MB
Available physical RAM: 1249.62 MB
Total Pagefile: 7263.59 MB
Available Pagefile: 4916.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.69 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:4.91 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.47 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\KEN-PC
 
Administrator            Guest                    Ken                      
Kriegers                 
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****


#14 dc3


Posted 23 April 2014 - 10:27 AM

Your C: drive has a capacity of 222.78GB, but you only have 4.91GB of free space.  You need at least 15% free space on a hdd of this size, that would be 33GB.  You need to free up 28GB.

 

Swapping is the process whereby a page of memory is copied to the preconfigured space on the hard disk, called swap space, to free up that page of memory. The combined sizes of the physical memory and the swap space are the amount of virtual memory available.  If the information being processed is larger than the amount of RAM, the virtual memory comes into play.  It acts like memory; it is much slower than RAM, but helps to complete the process.
 

After you have freed up the hdd space run sfc /scannow.

 

The sfc /scannow command scans all protected system files and replaces corrupted and incorrect versions with correct Microsoft versions.
 
Click on the Start orb and then type cmd in the Search programs and files box.
 
In the pane above the search box Programs will appear with cmd below it, right click on cmd and choose Run as administrator.
 
If you are prompted for an administrator password or for a confirmation, enter the password, or click Allow.
 
A page similar to the one below will open.
 
commandprompt_zps212bc71a.png
 
Type in sfc /scannow and then press Enter to start the scan.  Please notice the space between sfc and the /scannow.
 
If the scan finds no integrity problems in the first portion of the scan it should stop. To be sure that the scan has stopped, wait five minutes, then type in exit and press Enter to stop the scan.
 
When the scan is finished please post the log of this scan.
 
To find the sfc /scannow file, type cmd, run as administrator, copy and paste the following, then press Enter.
 
findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt
 
This will place a new icon on the desktop titled sfcdetails.  

 

After you have done this run AdwCleaner again and post the log.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.
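
For reading the sfcdetails.txt file that the findstr command in the post above produces, this added example (not part of the original post or the thread) sorts the [SR] lines into files SFC repaired and files it could not repair. The sample lines, component name and file names are constructed, and the line layout is assumed to match the CBS.log on the machine being checked.

```python
import re

# Constructed sample in the CBS.log "[SR]" line layout; not taken from the thread.
SAMPLE = r"""
2014-04-23 10:31:02, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2014-04-23 10:31:02, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2014-04-23 10:31:09, Info                  CSI    00000009 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Example-Component, Version = 0.0.0.0, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, file is missing
2014-04-23 10:31:10, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"settings.ini" of Example-Component, Version = 0.0.0.0, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, file is missing
2014-04-23 10:31:12, Info                  CSI    0000000d [SR] Repairing corrupted file [ml:520{260},l:36{18}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2014-04-23 10:31:15, Info                  CSI    0000000f [SR] Verify complete
"""

SR_LINE = re.compile(r'\[SR\] (.*)$')
# File name and owning component of an entry SFC could not fix.
CANNOT = re.compile(r'Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+), Version = ([\d.]+)')
# The last quoted name before "from store" is the file that was restored.
REPAIRED = re.compile(r'Repairing corrupted file .*\]"([^"]+)" from store')


def triage_sr(text):
    """Summarise [SR] lines: what was repaired and what still needs attention."""
    unrepaired = {}   # (file, component) -> number of log lines; a file can be logged several times
    repaired = []
    sr_lines = 0
    for line in text.splitlines():
        m = SR_LINE.search(line)
        if not m:
            continue  # not an SFC line (the full CBS.log also holds servicing entries)
        sr_lines += 1
        msg = m.group(1)
        bad = CANNOT.search(msg)
        if bad:
            key = (bad.group(1), bad.group(2))
            unrepaired[key] = unrepaired.get(key, 0) + 1
            continue
        fixed = REPAIRED.search(msg)
        if fixed and fixed.group(1) not in repaired:
            repaired.append(fixed.group(1))
    return {"sr_lines": sr_lines, "unrepaired": unrepaired, "repaired": repaired}


if __name__ == "__main__":
    summary = triage_sr(SAMPLE)
    print("SR lines:", summary["sr_lines"])
    for (name, component), hits in summary["unrepaired"].items():
        print("NOT repaired:", name, "in", component, "(%d lines)" % hits)
    for name in summary["repaired"]:
        print("repaired:", name)
```

Entries under "NOT repaired" are the ones worth posting back to the helper, since those files remain missing or corrupt after the scan.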

 

 

 

 




