jonbam

Evidence of infection with at least minor PUPs





After installing: Zoek.exe v5.0.0.0 Updated 27-09-2014

I have noticed my Windows 7 Boot Screen is slower.

It usually boots into the login screen in about 3 seconds? Now I see the windows graphics for longer now.

thanks

Jonathan


I have just logged into photobucket.com on another computer of mine (a laptop) and the pop-under has appeared. It's not a popup, it's a pop-under.

I have wasted a lot of time :(

 

Are you indicating you have stopped this issue from happening?

 

Next,

 

I do not see why Zoek would have a negative effect on your Boot time, see what happens later when we clean up and remove tools etc...

 

What is your current status, are there any remaining issues or concerns....

 

Kevin


The pop-unders were due to the photobucket website.

 

This morning I had a crash report from firefox.

 

thanks

 

 

 

Jonathan


I guess your version of Photobucket is the free one, I have a paid-for version and don't have the issue you mention. Go to the following link:

 

https://addons.mozilla.org/en-US/firefox/addon/adblock-plus-pop-up-addon/

 

Install that version of Adblock, see if that helps....

 

To clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

Any remnant files/logs from tools we have used can be deleted…

 

let me know the current status, also if any remaining issues/concerns.....

 

Thanks,

 

Kevin...


Hi

Intel® Core™i5 Quad Core Processor i5-3570 (3.4GHz) 6MB Cache
ASUS® P8Z77-V LX: USB 3.0, SATA 6GBs, ATI®CrossFireX
120GB KINGSTON HYPERX 3K SSD, SATA 6 Gb/s (upto 555MB/sR | 510MB/sW)

 


Just had this message:

(windows 7)
Error: windows has recovered from unexpected shut down!

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 2057

Additional information about the problem:
BCCode: a
BCP1: FFFFFA809000CA60
BCP2: 0000000000000002
BCP3: 0000000000000001
BCP4: FFFFF800030A7150
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\100314-7254-01.dmp
C:\Users\Jonathan\AppData\Local\Temp\WER-17706-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?link...8&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

 

 

Firefox has crashed two times so far at windows7 startup.

If this blue screen reappears I'll have to use my Reflect backup from 9 weeks ago.

thanks

Jonathan


Malwarebytes has stopped crashing since following your advice.

 

I may go back to an image file backup. Will this webpage still be available, so I can follow its instructions?

 

 

thanks

 

Jonathan


Can you zip up and attach this file: C:\Windows\Minidump\100314-7254-01.dmp

 

Yes this thread will always be available, maybe bookmark it for reference. As you use Firefox, open to this page, select these keys together Ctrl and D that will give the bookmark option


Thanks for the upload, are you having any issues with your internet connection? The dump file is not really conclusive, so I had a look back at the event viewer logs contained in FRST.txt. Those seem to indicate a possible WLAN driver issue.

 

Run this please see what the log shows:

 

Download VEW by Vino Rosso  from HERE and save it to your Desktop.

  • Double-click VEW.exe to start. Vista and Windows 7/8 users: right-click and select "Run as Administrator".
  • Under 'Select log to query...', check the boxes for both Application and System.
  • Under 'Select type to list...', select both Error and Critical.
  • Click the radio button for 'Number of events...' and type 10 in the 1 to 20 box.
  • Then click the Run button.
  • Notepad will open with the output log. It will take a couple of minutes to generate the log, please be patient.


 
Please post the Output log in your next reply.

 

Kevin...

Share this post


Link to post
Share on other sites

Hi

 

No I haven't had any problems with my internet connection

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 05/10/2014 13:36:24

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/10/2014 11:52:00
Type: Error Category: 0
Event: 11316 Source: MsiInstaller
Product: Google Update Helper -- Error 1316. The specified account already exists.

Log: 'Application' Date/Time: 05/10/2014 10:54:20
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 05/10/2014 10:54:20
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 05/10/2014 10:54:15
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 05/10/2014 10:54:14
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 05/10/2014 10:54:07
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 05/10/2014 09:52:00
Type: Error Category: 0
Event: 11316 Source: MsiInstaller
Product: Google Update Helper -- Error 1316. The specified account already exists.

Log: 'Application' Date/Time: 05/10/2014 08:52:03
Type: Error Category: 0
Event: 11316 Source: MsiInstaller
Product: Google Update Helper -- Error 1316. The specified account already exists.

Log: 'Application' Date/Time: 05/10/2014 08:35:41
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 05/10/2014 08:35:41
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/10/2014 15:23:52
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/10/2014 10:54:03
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start.  Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126

Log: 'System' Date/Time: 05/10/2014 08:35:23
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start.  Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126

Log: 'System' Date/Time: 04/10/2014 16:57:52
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start.  Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126

Log: 'System' Date/Time: 04/10/2014 16:49:49
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Server service terminated with the following error:  The service has not been started.

Log: 'System' Date/Time: 04/10/2014 16:49:49
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Computer Browser service terminated with the following error:  A system shutdown is in progress.

Log: 'System' Date/Time: 04/10/2014 16:49:47
Type: Error Category: 0
Event: 12291 Source: Microsoft-Windows-Directory-Services-SAM
SAM failed to start the TCP/IP or SPX/IPX listening thread

Log: 'System' Date/Time: 04/10/2014 16:49:40
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start.  Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126

Log: 'System' Date/Time: 04/10/2014 16:45:09
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start.  Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126

Log: 'System' Date/Time: 04/10/2014 16:34:51
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start.  Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126

Log: 'System' Date/Time: 04/10/2014 16:31:15
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Server service terminated with the following error:  The data is invalid.
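
One way to triage the VEW output above is to group repeated events so that recurring sources stand out. This is an added example, not part of the original thread; the names `parse_vew` and `summarize` are hypothetical, and the sample is a three-record excerpt of the posted log.

```python
import re
from collections import defaultdict
from datetime import datetime

# Excerpt of the VEW output posted above (dates are dd/mm/yyyy).
SAMPLE = """\
Log: 'System' Date/Time: 03/10/2014 15:23:52
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 05/10/2014 10:54:03
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start.  Module Path: C:\\Windows\\system32\\Rtlihvs.dll Error Code: 126

Log: 'System' Date/Time: 04/10/2014 16:57:52
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start.  Module Path: C:\\Windows\\system32\\Rtlihvs.dll Error Code: 126
"""

RECORD = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\n"
    r"Type: (?P<type>\w+) Category: \d+\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n"
    r"(?P<message>[^\n]*)")

def parse_vew(text):
    """Return one dict per event record; banner and separator lines are skipped."""
    records = []
    for m in RECORD.finditer(text):
        rec = m.groupdict()
        rec["when"] = datetime.strptime(rec["when"], "%d/%m/%Y %H:%M:%S")
        rec["event"] = int(rec["event"])
        records.append(rec)
    return records

def summarize(records):
    """Group by (log, source, event id): count plus first and last occurrence."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["log"], r["source"], r["event"])].append(r["when"])
    rows = [(k, len(v), min(v), max(v)) for k, v in groups.items()]
    return sorted(rows, key=lambda row: -row[1])

if __name__ == "__main__":
    for (log, source, event), n, first, last in summarize(parse_vew(SAMPLE)):
        print(f"{n:>3}  {log:<8} {source} / {event}  {first:%d/%m %H:%M} .. {last:%d/%m %H:%M}")
```

Run over the full log, the same grouping puts the repeated WLAN-AutoConfig event 10000 and SideBySide event 33 at the top, next to the single Kernel-Power event 41.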
 


Select start, type or copy/paste services.msc into the search box, select ok or tap enter key. The services window should open, scroll to:

 

WLAN autoconfig

 

What is the "Status" and "Startup type"

 

For a wireless connection the settings are usually "Status" = started  "Startup type" = automatic


Hi

 

I'll have to wait and see.  The blue screen error was on the 3rd October. I'll wait a few days and see what happens. It could just be a one off error?

 

Malwarebytes has been very stable since using the software tools in this post. It used to crash a lot.

 

There's a possibility I'll go back to a backup image file & rerun the tools in this post.

 

 

thanks

 

Jonathan


Thanks for the update, the dump file did not indicate a specific fault so I guess it's best to run your system for 24 hours or so and see how it responds. Let me know how the system performs, if any issues or concerns return and how you want to progress....

 

Thanks,

 

Kevin..


Yep Normal Startup is the default setting, Selective Startup is used when you want to stop certain programs starting/running at boot.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
