Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

INfected machine is giving major problems to fix


  • Please log in to reply
17 replies to this topic

#1 doug3515

doug3515

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 05 September 2014 - 12:42 PM

Running currently in safe mode
 
eek is stopping mid full scan and hangs there but the program is not the issue as i am able to navigate
 
Combo fix refuses to function in safe mode or normal boot mode
 
windows 7 home premium 4GB of ram 
 
multiple infections possible

Edited by Queen-Evie, 05 September 2014 - 01:07 PM.
moved from Windows 7 to Am I Infected to explore the possibility of infection


BC AdBot (Login to Remove)

 


#2 kaz20

kaz20

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 05 September 2014 - 01:12 PM

Can you try running Malwarebytes



#3 doug3515

doug3515
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 05 September 2014 - 01:35 PM

running superantispyware currently and that is freezing up ... i will run once SAS is completed



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,344 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:52 PM

Posted 05 September 2014 - 01:48 PM

Do NOT run ComboFix you may lose the machine
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 doug3515

doug3515
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 05 September 2014 - 02:27 PM

attempted but did not run ... have not ran yet ... SAP and MBAM is running currently



#6 doug3515

doug3515
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 05 September 2014 - 02:45 PM

MBAM finished finding 109 infections.

 

re running now after reboot and also running SAP and EEK.

 

EEK has frozen again.


PriceGong infection showing up on EEK ... still frozen



#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,344 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:52 PM

Posted 05 September 2014 - 03:13 PM

Were they deleted or quarantined.

Try running these and post the logs.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



    Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  • .
    .
    .
    ADW Cleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


    .

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • .
    .
    .
    .
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 doug3515

doug3515
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 08 September 2014 - 04:35 PM

deleted

 

TDS Killler came up with no error

 

 

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Dennis Hendrickson (administrator) on 08-09-2014 at 16:38:07
Running from "C:\Users\Dennis Hendrickson\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Realtek PCIe FE Family Controller = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled taskoffload=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : DennisHendricks
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : eau.wi.charter.com
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : eau.wi.charter.com
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-25-64-F3-78-69
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f595:d18c:8d0f:3707%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.1.75(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, September 08, 2014 6:45:56 AM
   Lease Expires . . . . . . . . . . : Tuesday, September 09, 2014 6:45:55 AM
   Default Gateway . . . . . . . . . : 10.0.1.1
   DHCP Server . . . . . . . . . . . : 10.0.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234890596
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-75-34-CF-00-25-64-F3-78-69
   DNS Servers . . . . . . . . . . . : 10.0.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter 6TO4 Adapter:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.eau.wi.charter.com:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : eau.wi.charter.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:287d:367:f5ff:feb4(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::287d:367:f5ff:feb4%11(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  10.0.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4001:c05::8a
 173.194.121.34
 173.194.121.33
 173.194.121.37
 173.194.121.41
 173.194.121.36
 173.194.121.46
 173.194.121.32
 173.194.121.39
 173.194.121.35
 173.194.121.38
 173.194.121.40
 
 
Pinging google.com [173.194.121.34] with 32 bytes of data:
Reply from 173.194.121.34: bytes=32 time=41ms TTL=49
Reply from 173.194.121.34: bytes=32 time=47ms TTL=49
 
Ping statistics for 173.194.121.34:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 41ms, Maximum = 47ms, Average = 44ms
Server:  UnKnown
Address:  10.0.1.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=86ms TTL=46
Reply from 206.190.36.45: bytes=32 time=77ms TTL=46
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 77ms, Maximum = 86ms, Average = 81ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...00 25 64 f3 78 69 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.1.1        10.0.1.75     20
         10.0.1.0    255.255.255.0         On-link         10.0.1.75    276
        10.0.1.75  255.255.255.255         On-link         10.0.1.75    276
       10.0.1.255  255.255.255.255         On-link         10.0.1.75    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         10.0.1.75    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         10.0.1.75    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 11     58 2001::/32                On-link
 11    306 2001:0:9d38:6ab8:287d:367:f5ff:feb4/128
                                    On-link
 10    276 fe80::/64                On-link
 11    306 fe80::/64                On-link
 11    306 fe80::287d:367:f5ff:feb4/128
                                    On-link
 10    276 fe80::f595:d18c:8d0f:3707/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/08/2014 07:32:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/08/2014 06:47:11 AM) (Source: Application Virtualization Client) (User: )
Description: {tid=12CC}
Failed to initialize the Application Virtualization Client PerfMon provider (error 0x80070002).
 
 
System errors:
=============
Error: (09/08/2014 06:47:13 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL
 
Error: (09/08/2014 06:47:07 AM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error: 
%%5
 
Error: (09/07/2014 01:51:39 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.
 
Error: (09/07/2014 01:51:39 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
 
Error: (09/07/2014 01:51:39 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.
 
Error: (09/07/2014 01:51:39 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
 
 
Microsoft Office Sessions:
=========================
Error: (09/08/2014 07:32:04 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (09/08/2014 06:47:11 AM) (Source: Application Virtualization Client)(User: )
Description: {tid=12CC}
0x80070002
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-07-02 10:49:20.403
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-02 10:49:20.075
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
 
=========================== Installed Programs ============================
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0614.2130 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version:  - ?Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0614.2131.36800 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help English (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help French (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help German (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
ccc-utility64 (Version: 2009.0614.2131.36800 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version:  - Dell, Inc.)
Desktop Temperature Monitor (HKCU\...\Desktop Temperature Monitor) (Version: 1.23.0.0 - System Alerts LLC)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Event Manager (HKLM-x32\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\{9F45A0F8-D682-372F-B404-D8BA5FB37D46}) (Version: 65.107.16500 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Harry Potter and the Deathly Hallows™ - Part 1 (HKLM-x32\...\{C9AAF970-4E7E-4C98-AD67-09C74379D345}) (Version: 1.0.0.0 - Electronic Arts)
HomeByMe (HKCU\...\SquareClock_Production_HBMV1) (Version:  - SquareClock SAS)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
JNLP (HKCU\...\JNLP) (Version:  - JNLP)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 22.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Panda Endpoint Agent (HKLM-x32\...\PCOP Agent) (Version: 7.00.00.0000 - Panda Security)
Panda Endpoint Agent (x32 Version: 7.00.00.0000 - Panda Security) Hidden
Panda Endpoint Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 06.81.11.0000 - Panda Security)
Panda Endpoint Protection (Version: 5.15.00.0000 - Panda Security) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 2.4.1546.4 - AMD)
RAIDXpert (x32 Version: 2.4.1546.4 - AMD) Hidden
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
ScreenConnect Client (f886349e6cfb9ba9) (HKLM-x32\...\{2A1CCAC6-07D8-4BCF-8B98-26D2D9A5F9CA}) (Version: 4.2.6403.5198 - Elsinore Technologies, Inc.)
SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
Skins (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Battle for Middle-earth ™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
The Sims 2 Open For Business (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version:  - )
The Sims 2 University (HKLM-x32\...\{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}) (Version:  - )
The Sims Medieval (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 2.0.109 - Electronic Arts)
The Sims Medieval Pirates and Nobles (HKLM-x32\...\{0CC21836-A5D6-4641-B4AE-6FA01D021E41}) (Version: 2.0.109 - Electronic Arts)
The Sims™ 2 Apartment Life (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version:  - Electronic Arts)
The Sims™ 2 Double Deluxe (HKLM-x32\...\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}) (Version:  - Electronic Arts)
The Sims™ 2 Fun with Pets Collection (HKLM-x32\...\{41AA7187-8272-462c-9EED-7B614DA1404E}) (Version:  - Electronic Arts)
The Sims™ 2 Seasons (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version:  - )
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.34.27 - Electronic Arts)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
 
========================= Devices: ================================
 
Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 66%
Total physical RAM: 3839.12 MB
Available physical RAM: 1298.63 MB
Total Pagefile: 7676.41 MB
Available Pagefile: 5366.02 MB
Total Virtual: 4095.88 MB
Available Virtual: 3979.91 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:456.13 GB) (Free:323.47 GB) NTFS
2 Drive d: (XP-310) (CDROM) (Total:0.15 GB) (Free:0 GB) CDFS
 
========================= Users: ========================================
 
User accounts for \\DENNISHENDRICKS
 
Administrator            Dennis Hendrickson       Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
18-08-2014 00:00:04 Windows Backup
19-08-2014 07:24:46 Windows Update
23-08-2014 07:23:40 Windows Update
25-08-2014 21:17:25 Windows Modules Installer
27-08-2014 07:23:55 Windows Update
28-08-2014 08:00:10 Windows Update
05-09-2014 16:05:50 Windows Update
05-09-2014 16:07:38 Installed Java 7 Update 67
05-09-2014 16:15:43 Installed ScreenConnect Client (f886349e6cfb9ba9)
05-09-2014 16:19:20 Windows Update
05-09-2014 19:53:00 Installed Microsoft Fix it 50535
06-09-2014 08:00:33 Windows Update
08-09-2014 11:59:09 Windows Backup
 
**** End of log ****
 

 

 

 

 

# AdwCleaner v3.309 - Report created 05/09/2014 at 14:58:23
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dennis Hendrickson - DENNISHENDRICKS
# Running from : C:\Users\Dennis Hendrickson\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
Folder Found : C:\Program Files (x86)\MapsGalaxy_39EI
Folder Found : C:\Program Files (x86)\Software Updater
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Dennis Hendrickson\AppData\LocalLow\Conduit
Folder Found : C:\Users\Dennis Hendrickson\AppData\LocalLow\Delta
Folder Found : C:\Users\Dennis Hendrickson\AppData\LocalLow\MapsGalaxy_39EI
Folder Found : C:\Users\Dennis Hendrickson\AppData\Roaming\Updater
Folder Found : C:\Users\Dennis Hendrickson\Documents\PC Health Kit
 
***** [ Scheduled Tasks ] *****
 
Task Found : LaunchApp
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Key Found : HKCU\Software\AppDataLow\Software\MapsGalaxy_39EI
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\filescout
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\SoftwareUpdater
Key Found : HKCU\Software\usyndication.com
Key Found : [x64] HKCU\Software\eSupport.com
Key Found : [x64] HKCU\Software\filescout
Key Found : [x64] HKCU\Software\SoftwareUpdater
Key Found : [x64] HKCU\Software\usyndication.com
Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\firstsearch
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\prompt_installer-conduit_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\prompt_installer-conduit_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Software Updater_is1
Key Found : HKLM\SOFTWARE\V9Software
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1E877590-30B7-400E-A835-B942489EB7BC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Dennis Hendrickson\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [6910 octets] - [05/09/2014 14:58:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6970 octets] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by Dennis Hendrickson on Fri 09/05/2014 at 15:21:31.42

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

~~~ Services

 

 

~~~ Registry Values

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\ezlyrics

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ezlyrics_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ezlyrics_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ezlyrics_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ezlyrics_RASMANCS

 

 

~~~ Files

 

 

~~~ Folders

 

 

~~~ Event Viewer Logs were cleared

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 09/05/2014 at 15:34:03.03

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Software Updater\setup.exe.vir a variant of Win32/AirAdInstaller.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Software Updater\SoftwareUpdater.exe.vir a variant of Win32/AirAdInstaller.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Software Updater\Uninstall.exe.vir Win32/AirAdInstaller.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\Users\Dennis Hendrickson\AppData\LocalLow\MapsGalaxy_39EI\Installr\Cache\31BA9B98.exe.vir a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application
C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DAO1R3P1\jsonCA8Y4KW7.js HTML/Iframe.B.Gen virus
C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DAO1R3P1\kidstash_info[1].htm HTML/ScrInject.B.Gen virus
C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DAO1R3P1\kidstash_info[2].htm HTML/ScrInject.B.Gen virus
C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DAO1R3P1\youth-football-coaching-skills-corridor-plus[1].htm HTML/ScrInject.B.Gen virus
C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PFYR1S0T\kidstash_info[1].htm HTML/ScrInject.B.Gen virus
C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PFYR1S0T\kidstash_info[2].htm HTML/ScrInject.B.Gen virus
C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJYYR9TI\kidstash_info[1].htm HTML/ScrInject.B.Gen virus

Edited by doug3515, 08 September 2014 - 04:39 PM.


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,344 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:52 PM

Posted 08 September 2014 - 06:27 PM

Hello, Uninstall these thru Control Panel

SUPERAntispyware,,Install is corrupt.
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)

Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)

Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)

Reboot machine.. Reinstall SUPR if you'd like.

>>>
Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
How is it now?

I do not see an installed antivirus. This would stop the ,HTML/ScrInject.B.Gen virus, that loks to connect to the internet and send the info it steals back home. Please change your passwords.
You want a free one?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 doug3515

doug3515
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 08 September 2014 - 08:20 PM

Using Panda Cloud Office Protection on the machine ...

 

uninstalled Java's MBAM and SAS

 

Re installed JAVA

 

Ran TFC 2.5 mb cleaned (TFC CRASHED had to force quit twice), rebooted attempted again 0 removed and crashed again (usually use CCleaner and bleachbit) Ran Bleachbit as the TFC did not work

 

attempted to pull out files out of a zip file and nothing gets extracted

 

attempted scan and scanning with SAS now

 

 

any other suggestions ... still freezing on scans



#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,344 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:52 PM

Posted 08 September 2014 - 08:53 PM

Lets also run ASW
Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.
Have you tried SAS and MBAM in safe mode and see if they freeze.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 doug3515

doug3515
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 08 September 2014 - 09:29 PM

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software

Run date: 2014-09-08 21:00:40
-----------------------------
21:00:40.141    OS Version: Windows x64 6.1.7601 Service Pack 1
21:00:40.141    Number of processors: 2 586 0x602
21:00:40.141    ComputerName: DENNISHENDRICKS  UserName: 
21:00:42.000    Initialize success
21:00:42.078    VM: initialized successfully
21:00:42.109    VM: Amd CPU supported 
21:00:50.960    VM: supported disk I/O ataport.SYS
21:05:10.035    AVAST engine defs: 14090802
21:05:29.543    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:05:29.543    Disk 0 Vendor: WDC_WD5000AAKS-75V0A0 05.01D05 Size: 476940MB BusType: 3
21:05:29.652    Disk 0 MBR read successfully
21:05:29.652    Disk 0 MBR scan
21:05:29.668    Disk 0 Windows VISTA default MBR code
21:05:29.684    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
21:05:29.715    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS         9818 MB offset 81920
21:05:29.715    Disk 0 Boot: NTFS     code=1
21:05:29.730    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       467081 MB offset 20189184
21:05:29.762    Disk 0 scanning C:\Windows\system32\drivers
21:05:41.092    Service scanning
21:06:03.275    Modules scanning
21:06:03.275    Disk 0 trace - called modules:
21:06:03.291    
21:06:05.085    AVAST engine scan C:\Windows
21:06:07.924    AVAST engine scan C:\Windows\system32
21:09:46.551    AVAST engine scan C:\Windows\system32\drivers
21:10:06.336    AVAST engine scan C:\Users\Dennis Hendrickson
21:17:01.929    AVAST engine scan C:\ProgramData
21:26:01.403    Scan finished successfully
21:26:37.268    Disk 0 MBR has been saved successfully to "C:\Users\Dennis Hendrickson\Desktop\MBR.dat"
21:26:37.283    The log file has been saved successfully to "C:\Users\Dennis Hendrickson\Desktop\aswMBR.txt"


#13 doug3515

doug3515
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 08 September 2014 - 09:43 PM

I will attempt the scans in safe mode



#14 doug3515

doug3515
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 09 September 2014 - 09:59 AM

The machine is completing scans in safe mode 



#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,344 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:52 PM

Posted 09 September 2014 - 10:56 AM

Did they find more and are you still freezing in Normal mode?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users