

Just clean installed windows 7 and not sure what programs to add


12 replies to this topic

#1 chugg

chugg

  • Members
  • 581 posts
  • OFFLINE
  • Local time:02:25 AM

Posted 23 March 2014 - 05:10 PM

I don't have virus protection yet.  I downloaded Malwarebytes and did a scan and already have 2 viruses.  I downloaded Comodo but it looks different and I am afraid I downloaded a malware fake Comodo.  I'm getting popups that say I have no virus protection.  Which virus protection should I use and what programs should I put on this computer?  I do have a license for Combofix.


Edited by hamluis, 24 March 2014 - 08:42 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 buddy215

buddy215

  • BC Advisor
  • 12,986 posts
  • OFFLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:25 AM

Posted 23 March 2014 - 05:26 PM

Check out the programs offered at Ninite first as they are adware free. Almost all free programs today come with adware. Ninite - Install or Update Multiple Apps at Once

 

You don't need a license for Combofix... maybe you meant Comodo. You should only use Combofix under professional supervision; it is not designed for use by less experienced users.

 

Post the log from the MBAM scan so we can see what it found and removed.

 

Use the programs below to scan for adware.

 

  • Download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.
  • download MiniToolBox, save it to your desktop and run it.
    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Comodo download site:  Free Antivirus | Download Free Antivirus from Comodo

If you downloaded from site other than that or not sure, uninstall and either reinstall Comodo or maybe Avast which is available at Ninite.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 chugg

chugg
  • Topic Starter

  • Members
  • 581 posts
  • OFFLINE
  • Local time:02:25 AM

Posted 24 March 2014 - 11:49 AM

Thank you for your help buddy.  I was able to run all of the programs that you mentioned with the exception of JRT.  When I try to run this I get the following error: "Error during execution. c/users/mike/app data/local/temp/jrt/get.bat access is denied."  The rest of the logs follow.  Thanks!

 

# AdwCleaner v3.015 - Report created 18/12/2013 at 00:53:06
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - USER-3D7C2733C7
# Running from : C:\Documents and Settings\User\Desktop\spy\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\oelxnw06.default\searchplugins\conduit-search.xml
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\oelxnw06.default\user.js
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Found C:\Documents and Settings\User\Application Data\FREEzeFrog
Folder Found C:\Documents and Settings\User\Local Settings\Application Data\Searchprotect
Folder Found C:\Program Files\Free Offers from Freeze.com
Folder Found C:\Program Files\FREEzeFrog
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Classes\AppID\DealScout.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\FREEzeFrog
Key Found : HKLM\Software\InfoAtoms
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FREEzeFrogSA
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Homepage Protection Service
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IspAssistant-Mp3Tube
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestScan
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_10F70000
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\Tarma Installer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\oelxnw06.default\prefs.js ]
 
Line Found : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_2663.name", "KariSweet_300x315");
Line Found : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_2663.url", "hxxp://assets1.exgfnetwork.com/banners/testing/xpassion/Ads/KariSweets/KariSweet_300x315.f4v");
Line Found : user_pref("aol_toolbar.surf.date", "203");
Line Found : user_pref("aol_toolbar.surf.lastDate", "16");
Line Found : user_pref("aol_toolbar.surf.lastMonth", "2");
Line Found : user_pref("aol_toolbar.surf.lastYear", "2012");
Line Found : user_pref("aol_toolbar.surf.month", "504");
Line Found : user_pref("aol_toolbar.surf.prevMonth", "304");
Line Found : user_pref("aol_toolbar.surf.total", "2733");
Line Found : user_pref("aol_toolbar.surf.week", "257");
Line Found : user_pref("aol_toolbar.surf.year", "1561");
Line Found : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3320133&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SPABB31BE7-8779-40AD-867A-920DAD99B455");
Line Found : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20111206171709593&tb_oid=06-12-2011&tb_mrud=06-12-2[...]
Line Found : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3320133&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPABB31BE7-8779-40AD-867A-920DAD99B455&SSPV=");
Line Found : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20111206171709593&tb_oid=06-12-2011&tb_mrud=06-12-2011&query=");
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4632 octets] - [18/12/2013 00:53:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4692 octets] ##########
# AdwCleaner v3.022 - Report created 23/03/2014 at 21:56:54
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Ultimate  (32 bits)
# Username : Mike - MIKE-PC
# Running from : C:\Users\Mike\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16540
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5534 octets] - [18/12/2013 01:53:06]
AdwCleaner[S0].txt - [4929 octets] - [18/12/2013 01:55:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5654 octets] ##########
 
 
MiniToolBox by Farbar  Version: 23-01-2014
Ran by Mike (administrator) on 24-03-2014 at 12:31:51
Running from "C:\Users\Mike\Downloads"
Microsoft Windows 7 Ultimate   (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Intel® Wireless WiFi Link 4965AG = Wireless Network Connection (Connected)
Intel® 82566MM Gigabit Network Connection = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Mike-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AG
   Physical Address. . . . . . . . . : 00-13-E8-6D-E0-03
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::11e3:ffec:6e4c:f3d2%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, March 24, 2014 11:52:41 AM
   Lease Expires . . . . . . . . . . : Thursday, April 30, 2150 7:04:34 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 218108904
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-C0-84-A1-00-0B-97-D8-78-22
   DNS Servers . . . . . . . . . . . : 156.154.70.22
                                       156.154.71.22
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® 82566MM Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-0B-97-D8-78-22
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.Belkin:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:1c98:d694:bc15:b2b3(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1c98:d694:bc15:b2b3%13(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  156.154.70.22
 
Name:    google.com
Addresses:  2607:f8b0:4004:803::1002
 74.125.228.104
 74.125.228.102
 74.125.228.100
 74.125.228.98
 74.125.228.96
 74.125.228.99
 74.125.228.105
 74.125.228.110
 74.125.228.97
 74.125.228.103
 74.125.228.101
 
 
Pinging google.com [74.125.228.104] with 32 bytes of data:
Reply from 74.125.228.104: bytes=32 time=28ms TTL=56
Reply from 74.125.228.104: bytes=32 time=29ms TTL=56
 
Ping statistics for 74.125.228.104:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 29ms, Average = 28ms
Server:  UnKnown
Address:  156.154.70.22
 
Name:    yahoo.com
Addresses:  98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=79ms TTL=52
Reply from 98.138.253.109: bytes=32 time=61ms TTL=52
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 61ms, Maximum = 79ms, Average = 70ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...00 13 e8 6d e0 03 ......Intel® Wireless WiFi Link 4965AG
 11...00 0b 97 d8 78 22 ......Intel® 82566MM Gigabit Network Connection
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.2     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.2    281
      192.168.2.2  255.255.255.255         On-link       192.168.2.2    281
    192.168.2.255  255.255.255.255         On-link       192.168.2.2    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.2    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:90d7:1c98:d694:bc15:b2b3/128
                                    On-link
 12    281 fe80::/64                On-link
 13    306 fe80::/64                On-link
 12    281 fe80::11e3:ffec:6e4c:f3d2/128
                                    On-link
 13    306 fe80::1c98:d694:bc15:b2b3/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/23/2014 10:23:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/23/2014 08:19:58 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service Update Laflurla since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (03/23/2014 06:00:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/23/2014 05:55:10 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f2b3d60b-a4e4-4258-9788-b2c8ae43a200}
 
 
System errors:
=============
Error: (03/24/2014 11:52:41 AM) (Source: Service Control Manager) (User: )
Description: The Util Laflurla service failed to start due to the following error: 
%%2
 
Error: (03/24/2014 11:49:37 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (03/23/2014 10:41:21 PM) (Source: Service Control Manager) (User: )
Description: The Util Laflurla service failed to start due to the following error: 
%%2
 
Error: (03/23/2014 10:32:16 PM) (Source: Service Control Manager) (User: )
Description: The Util Laflurla service failed to start due to the following error: 
%%2
 
Error: (03/23/2014 08:38:00 PM) (Source: Service Control Manager) (User: )
Description: The Util Laflurla service failed to start due to the following error: 
%%2
 
Error: (03/23/2014 08:34:11 PM) (Source: Service Control Manager) (User: )
Description: The Util Laflurla service failed to start due to the following error: 
%%2
 
Error: (03/23/2014 06:18:46 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (03/23/2014 06:18:37 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (03/23/2014 02:57:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB2703157).
 
Error: (03/23/2014 02:55:32 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%16405
 
 
Microsoft Office Sessions:
=========================
 
=========================== Installed Programs ============================
 
Comodo Dragon (Version: 31.1.0.0)
COMODO Firewall (Version: 6.3.39949.2976)
CompanionLink (Version: 6.00.6000)
GeekBuddy (Version: 4.9.73)
Google Chrome (Version: 33.0.1750.154)
Google Update Helper (Version: 1.3.22.5)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
Laflurla (Version: 2014.03.20.234319)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
VLC media player 2.0.0 (Version: 2.0.0)
WeatherBug (Version: 7.0.0.11)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 41%
Total physical RAM: 3318.37 MB
Available physical RAM: 1956.81 MB
Total Pagefile: 6635.01 MB
Available Pagefile: 5068.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.4 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:298.08 GB) (Free:222.7 GB) NTFS
2 Drive d: (GRMCULFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
 
========================= Users: ========================================
 
User accounts for \\MIKE-PC
 
Administrator            Guest                    Mike                     
 
 
**** End of log ****
 
 

C:\System Volume Information\_restore{075E3FCB-CC9D-40B6-980D-E1451D91FCA0}\RP732\A0142996.exe    multiple threats  cleaned by deleting - quarantined

C:\System Volume Information\_restore{075E3FCB-CC9D-40B6-980D-E1451D91FCA0}\RP767\A0151104.exe    Win32/HackTool.Ares.A application   cleaned by deleting - quarantined
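As an added example (not code from this thread, from BleepingComputer, or from the AdwCleaner project), the Python below parses an AdwCleaner v3 report of the kind pasted above and reports whether the run was a scan or an actual clean. Both reports above carry `# Option : Scan` and list every entry as `Found`, so nothing was removed yet; that is the distinction a reviewer checks before reading the item list. The sample report is constructed from the second report's lines, and the regular expressions and function names are my own assumptions about the v3 layout, not a published specification.

```python
import re
from collections import defaultdict

# Constructed sample: structure and items taken from the second report
# posted above, trimmed to the sections that matter for the check.
SAMPLE_REPORT = r"""
# AdwCleaner v3.022 - Report created 23/03/2014 at 21:56:54
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Ultimate  (32 bits)
# Username : Mike - MIKE-PC
# Running from : C:\Users\Mike\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16540

[ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
"""

# Assumed layout (not an official grammar): "# Key : Value" header lines,
# "***** [ Section ] *****" banners, then "Kind Status : item" entries.
HEADER_RE = re.compile(r"^# (?P<key>[^:]+?) : (?P<value>.*)$")
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+?) \] \*{5}$")
# "Key Found : HKLM\..." and "Folder Found C:\..." (no colon) both occur in v3 reports.
ITEM_RE = re.compile(
    r"^(?P<kind>Key|Value|Data|File|Folder|Line|Shortcut|Service|Task)\s+"
    r"(?P<status>Found|Deleted|Restored)\s*:?\s*(?P<item>\S.*)$")


def parse_adwcleaner_report(text):
    """Split a v3 report into its header fields and a per-section item list."""
    header, sections, section = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").strip()
            continue
        if section is None:  # still in the "# ..." header block
            m = HEADER_RE.match(line)
            if m:
                header[m.group("key").strip()] = m.group("value").strip()
            continue
        m = ITEM_RE.match(line)
        if m:
            sections[section].append((m.group("kind"), m.group("status"), m.group("item")))
    return {"header": header, "sections": dict(sections)}


def summarize_adwcleaner(report):
    """Count what was merely found versus actually removed and give a verdict."""
    option = report["header"].get("Option", "unknown")
    items = [it for its in report["sections"].values() for it in its]
    found = sum(1 for _, status, _ in items if status == "Found")
    deleted = sum(1 for _, status, _ in items if status == "Deleted")
    if found and not deleted:
        verdict = "scan only: %d item(s) found, none removed" % found
    elif deleted:
        verdict = "clean run: %d item(s) removed" % deleted
    else:
        verdict = "nothing found"
    return {"option": option, "found": found, "deleted": deleted, "verdict": verdict}


if __name__ == "__main__":
    print(summarize_adwcleaner(parse_adwcleaner_report(SAMPLE_REPORT)))
    # The same report as it would read after a Clean run (constructed by substitution).
    clean_text = SAMPLE_REPORT.replace("Option : Scan", "Option : Clean").replace("Key Found", "Key Deleted")
    print(summarize_adwcleaner(parse_adwcleaner_report(clean_text)))
```

Run on the posted reports it yields "scan only" for both, which is why the later request to rerun the tool and let it delete is the right next step; a report from a clean run carries `Option : Clean` and `Deleted` entries instead.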



#4 buddy215

buddy215

  • BC Advisor
  • 12,986 posts
  • OFFLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:25 AM

Posted 24 March 2014 - 12:21 PM

AdWare Cleaner doesn't show that you allowed it to delete what it found. Rerun, allow it to delete what it found and post the new log.

 

I note two programs installed that are adware intensive....WeatherBug and Laflurla. You should attempt to uninstall them from the Add/ Remove list.

 

Turn off/ Exit/ Disable ALL security programs and run the Junkware Removal Tool again.

 

I assume the last part of your last post is from the Eset scan. It only noted items found in System Restore files. One is of particular concern.... Win32/HackTool.Ares.A

In my first post I asked for the MBAM log that shows the malware it found before your opening post. I would like to see if the above mentioned malware was one of the things it found and removed. Unless you intentionally deleted the log, you should still be able to find it and post it.


Edited by buddy215, 24 March 2014 - 12:23 PM.



#5 chugg

chugg
  • Topic Starter

  • Members
  • 581 posts
  • OFFLINE
  • Local time:02:25 AM

Posted 24 March 2014 - 12:53 PM

Sorry, my mistake on the MBAM.  See below.  I will work on the other things shortly.  I think I will get rid of Comodo and install Avast.  Thanks again!



#6 chugg

chugg
  • Topic Starter

  • Members
  • 581 posts
  • OFFLINE
  • Local time:02:25 AM

Posted 25 March 2014 - 12:27 AM

I ran Adware Cleaner again and it doesn't seem like I'm hitting the right options.  I click scan and the next thing I know I see nothing listed and I see remove.  The log is below and it's short.

 

I tried to remove ...WeatherBug and Laflurla.  Laflurla removed no problem but when I try to remove weatherbug I get a popup that states "do you want to allow the following program to update software on this computer?".  I got this program when I installed Comodo.  

 

I did remove Comodo and installed Avast. 

 

I am still getting the same error when I try to run junkware removal. 

 

The Mbam log is below.  Thanks!

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 
Database version: v2014.03.23.09
 
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Mike :: MIKE-PC [administrator]
 
3/23/2014 4:34:24 PM
mbam-log-2014-03-23 (16-34-24).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 358436
Time elapsed: 2 hour(s), 31 minute(s), 48 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 6
HKCU\Software\Laflurla (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Update Laflurla (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
HKLM\Software\Laflurla (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4a89cd3-c5f5-49c4-abcf-5f26d636476f} (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{b4a89cd3-c5f5-49c4-abcf-5f26d636476f} (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{f1ec172a-3fec-4fef-a218-13f15e1b8c8d} (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 3
C:\Program Files\Laflurla (PUP.Optional.Laflurla.A) -> Delete on reboot.
C:\Program Files\Laflurla\bin (PUP.Optional.Laflurla.A) -> Delete on reboot.
C:\Program Files\Laflurla\bin\plugins (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
 
Files Detected: 26
C:\System Volume Information\_restore{075E3FCB-CC9D-40B6-980D-E1451D91FCA0}\RP753\A0146164.dll (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{075E3FCB-CC9D-40B6-980D-E1451D91FCA0}\RP753\A0146168.exe (PUP.Optional.Bomlabio.A) -> Quarantined and deleted successfully.
C:\Windows.old\Documents and Settings\User\Desktop\virus\Setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Windows.old\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\File System\002\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Windows.old\Documents and Settings\User\Local Settings\temp\uttD63.tmp (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Program Files\Laflurla\Laflurla.ico (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
C:\Program Files\Laflurla\7za.exe (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
C:\Program Files\Laflurla\Laflurla.BrowserFilter.Helper.dll (PUP.Optional.Laflurla.A) -> Delete on reboot.
C:\Program Files\Laflurla\Laflurla.FirstRun.exe (PUP.Optional.Laflurla.A) -> Delete on reboot.
C:\Program Files\Laflurla\LaflurlaBHO.dll (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
C:\Program Files\Laflurla\LaflurlaUninstall.exe (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
C:\Program Files\Laflurla\updateLaflurla.exe (PUP.Optional.Laflurla.A) -> Delete on reboot.
C:\Program Files\Laflurla\updateLaflurla.InstallState (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
C:\Program Files\Laflurla\bin\7za.exe (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
C:\Program Files\Laflurla\bin\BrowserAdapterS.7z (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
C:\Program Files\Laflurla\bin\Laflurla.BrowserFilter.Helper.dll (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
C:\Program Files\Laflurla\bin\LaflurlaBrowserFilter.exe (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
C:\Program Files\Laflurla\bin\utilLaflurla.exe (PUP.Optional.Laflurla.A) -> Delete on reboot.
C:\Program Files\Laflurla\bin\utilLaflurla.InstallState (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
C:\Program Files\Laflurla\bin\XTLS.dll (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
C:\Program Files\Laflurla\bin\XTLSApp.dll (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
C:\Program Files\Laflurla\bin\XTLSApp.exe (PUP.Optional.Laflurla.A) -> Delete on reboot.
C:\Program Files\Laflurla\bin\plugins\Laflurla.BrowserAdapterS.dll (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
C:\Program Files\Laflurla\bin\plugins\Laflurla.BrowserFilterG.dll (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
C:\Program Files\Laflurla\bin\plugins\Laflurla.FFUpdate.dll (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
C:\Program Files\Laflurla\bin\plugins\Laflurla.IEUpdate.dll (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
 
(end)
 

 

# AdwCleaner v3.022 - Report created 25/03/2014 at 00:35:19
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Ultimate  (32 bits)
# Username : Mike - MIKE-PC
# Running from : C:\Users\Mike\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16540
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5734 octets] - [18/12/2013 01:53:06]
AdwCleaner[R1].txt - [860 octets] - [25/03/2014 00:28:35]
AdwCleaner[S0].txt - [5896 octets] - [18/12/2013 01:55:47]
AdwCleaner[S1].txt - [782 octets] - [25/03/2014 00:35:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [841 octets] ##########
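An added example, not part of this thread: a small Python parser for the MBAM 1.x detection lines in the log above. It counts hits per detection family, lists objects still marked "Delete on reboot" (the cleanup is not finished until the machine restarts), and checks that every Browser Helper Object CLSID found under the BHO key also had its HKCR\CLSID registration detected. The sample lines are constructed from the log posted in this thread.

```python
import re
from collections import Counter

# Constructed sample in the MBAM 1.x log format, taken from the log above.
SAMPLE_LOG = r"""
Registry Keys Detected: 6
HKCU\Software\Laflurla (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4a89cd3-c5f5-49c4-abcf-5f26d636476f} (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{b4a89cd3-c5f5-49c4-abcf-5f26d636476f} (PUP.Optional.Laflurla.A) -> Quarantined and deleted successfully.
Folders Detected: 3
C:\Program Files\Laflurla (PUP.Optional.Laflurla.A) -> Delete on reboot.
Files Detected: 26
C:\Windows.old\Documents and Settings\User\Desktop\virus\Setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Program Files\Laflurla\bin\XTLSApp.exe (PUP.Optional.Laflurla.A) -> Delete on reboot.
(end)
"""

# One detection line: <object> (<detection name>) -> <action>.
LINE_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
GUID_RE = re.compile(r"\{([0-9a-f-]{36})\}", re.I)


def parse_mbam_log(text):
    """Return one dict {obj, name, action} per detection line; headers are skipped."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            items.append(m.groupdict())
    return items


def summarize(items):
    """Hits per family, objects still pending reboot, and BHO registry keys."""
    families = Counter(i["name"] for i in items)
    pending = [i["obj"] for i in items if i["action"] == "Delete on reboot"]
    bhos = [i["obj"] for i in items if "Browser Helper Objects" in i["obj"]]
    return {"families": dict(families), "pending_reboot": pending, "bho_keys": bhos}


def unmatched_bho_clsids(items):
    """BHO CLSIDs whose HKCR\\CLSID\\{guid} entry was not also detected (leftover COM registration)."""
    bho_guids, clsid_guids = set(), set()
    for i in items:
        m = GUID_RE.search(i["obj"])
        if not m:
            continue
        if "Browser Helper Objects" in i["obj"]:
            bho_guids.add(m.group(1).lower())
        elif i["obj"].upper().startswith("HKCR\\CLSID\\"):
            clsid_guids.add(m.group(1).lower())
    return sorted(bho_guids - clsid_guids)
```

Run it over a full pasted log; any entry in `pending_reboot` means the removal must be confirmed with a second scan after restarting.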


#7 buddy215

buddy215

  • BC Advisor
  • 12,986 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:25 AM

Posted 25 March 2014 - 05:42 AM

AdwCleaner says you removed the adware....good.

Are you sure you completely shut down and removed all of Comodo? That could be the reason JR is not working...or Avast is blocking it now.

Suggest you uninstall JR, download again, shut down Avast and attempt to run JR again. If that doesn't work then I will ask around about what the problem is.

 

You can use Revo uninstaller to remove Weather Bug. Suggest you use it to remove all remnants of Comodo, too.

http://www.revouninstaller.com/revo_uninstaller_free_download.html

 

Be sure to check the website Ninite (in my first post) for programs that you want to install. The downloads there do not have adware piggybacked onto them.

 

Let me know if you have any other issues/ problems.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#8 chugg

chugg
  • Topic Starter

  • Members
  • 581 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 25 March 2014 - 12:46 PM

Hi Buddy,

 

I did get rid of Comodo and WeatherBug completely using Revo.  This is a great program and I'm going to keep it.  Ninite is a great site as well and I will get my downloads from there.  The JRT log is below.  I really think I had a virus copy of Comodo which created my problems.  I think I'm good now but I will wait to hear back from you to be sure.  Thanks!

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x86
Ran by Mike on Tue 03/25/2014 at 13:36:00.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/25/2014 at 13:40:40.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9 buddy215

buddy215

  • BC Advisor
  • 12,986 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:25 AM

Posted 25 March 2014 - 01:42 PM

Good...I think you got rid of all the crapware, too.

 

It's a good idea to use CCleaner to cleanup temporary files, logs, cookies, etc. Use the default settings once installed. Pay close attention during install and UNcheck any offers of toolbars such as Yahoo. No need to use the Registry Cleaning tool and it has the potential to cause a problem. CCleaner - PC Optimization and Cleaning - Free Download

You can block the Ad/ tracking/ Third Party cookies from installing on computer. After blocking them, run CCleaner to remove the ones presently installed. Disable third-party cookies in IE, Firefox, and Google Chrome | How To - CNET

 

HAPPY SURFING!


Edited by buddy215, 25 March 2014 - 01:42 PM.



#10 chugg

chugg
  • Topic Starter

  • Members
  • 581 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 26 March 2014 - 12:52 PM

Thanks Buddy!  I have a license for System Mechanic.  Do you suggest that I use this?



#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:25 AM

Posted 26 March 2014 - 01:16 PM

System Mechanic is a comprehensive optimization suite by iolo that purports to improve performance, make repairs and enhance the speed of a computer. It includes a registry cleaner, a registry revitalizer (to fix "so called problems"), system optimizer and several other features.

System Mechanic Pro incorporates the same optimization suite but also purports to plug security holes and protect privacy, and includes System Shield AntiVirus & AntiSpyware.

There are several labs which test the effectiveness of major anti-virus programs to include AV-Comparatives.org, Virus Bulletin Comparative Tests, AV-Test.org, NSS Labs Consumer Anti-Malware Products Group Test Report, etc. I cannot find any which have tested System Shield AntiVirus & AntiSpyware. I would be skeptical of any vendor not participating in comparative testing.

These types of programs and the claims they make are borderline scams. There is no statistical evidence to back such claims. Advertisements to do so are a marketing ploy intended to goad users into using an unnecessary and potentially dangerous product. I would not trust any results the program detects as problematic or needing repair nor recommend using the options to fix them.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons.
Why you should not use Registry Cleaners and Optimization Tools

Be sure to read Microsoft's support policy for the use of registry cleaning utilities in that topic...Microsoft does not support the use of registry cleaners.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#12 chugg

chugg
  • Topic Starter

  • Members
  • 581 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 26 March 2014 - 02:04 PM

Point taken quietman and thank you for your time in this matter!



#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:25 AM

Posted 26 March 2014 - 03:35 PM

You're welcome.



