[canadianchicklet]

hello... i havent been here for quite some time.. and years ago you helped me often get rid of virus... i have a different computer now.. its supposed to be pretty good.. i think.. but im not sure... and every time i open a web page.. 3 open at once.. and its running slow.. and i have a program called free pdf converter that i cant uninstall.. idk if i need  it or not.. but it appeared on my desk top and i didnt see it before... i would appreciate if someone could walk me thru checking if i do indeed have a virus... and also cleaning up my computer so it runs.. i have a bunch of crap im sure that i dont need... like in the uninstall program section... there is so many things that i dont know if i need or not... how can i tell? and in the start up... id like to know which i can stop from running... if you can help with any or all of these issues .. i would greatly appreciate it! thanks a bunch..

[Advertisements]

Hi there, lets have a quick looksee at your system

Download OTL to your Desktop
Secondary link

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
  
• Select All Users
• Select LOP and Purity
• Under the Custom Scan box paste this in
  
  netsvcs
  BASESERVICES
  %SYSTEMDRIVE%\*.exe
  c:\program files (x86)\Google\Desktop
  c:\program files\Google\Desktop
  dir "%systemdrive%\*" /S /A:L /C
  /md5start
  rpcss.dll
  /md5stop
  CREATERESTOREPOINT
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs

[Essexboy]

Hi there, lets have a quick looksee at your system

Download OTL to your Desktop
Secondary link

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
  
• Select All Users
• Select LOP and Purity
• Under the Custom Scan box paste this in
  
  netsvcs
  BASESERVICES
  %SYSTEMDRIVE%\*.exe
  c:\program files (x86)\Google\Desktop
  c:\program files\Google\Desktop
  dir "%systemdrive%\*" /S /A:L /C
  /md5start
  rpcss.dll
  /md5stop
  CREATERESTOREPOINT
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs

[canadianchicklet]

hey!! essexboy! i think your the one that helped me a few years ago!.. woot... i did the scan.. but only one page opened after.. i attached it... ill try and run the scan again and see if a second one opens this time.. thanks for your speedy response!

[canadianchicklet]

 OTL.Txt   160.44KB   117 downloads

[Essexboy]

Hi again, it is good that it has been a long time

Let me know how the performance is after this run

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

:Commands
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=1&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-4250544765-2864251858-613005650-1000\..\SearchScopes\{12600CD6-F1B1-42C8-8961-AB069BD82542}: "URL" = http://search.conduit.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M751859B6-AE81-415E-9E5C-3D631D99FC6A&SearchSource=58&CUI=&UM=5&UP=SP65540B85-BE5B-4271-BEC6-D17995C09D1B&q={searchTerms}&SSPV=
FF - prefs.js..browser.search.defaultthis.engineName: "VisualBee V.4 Customized Web Search"
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4250544765-2864251858-613005650-1000\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
[2013/03/12 11:11:06 | 000,000,000 | ---D | M] -- C:\Users\THE USER\AppData\Roaming\AVG
[2011/01/10 16:26:08 | 000,000,000 | ---D | M] -- C:\Users\THE USER\AppData\Roaming\AVG10
[2013/08/04 21:12:04 | 000,000,000 | ---D | M] -- C:\Users\THE USER\AppData\Roaming\Curse Advertising

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

FINALLY

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan




On completion of the scan click save log, save it to your desktop and post in your next reply

[canadianchicklet]

 OTL.Txt   97.35KB   125 downloads  AdwCleanerS0.txt   6.59KB   115 downloads  aswMBR.txt   2.1KB   103 downloads

[canadianchicklet]

here u are! i can already tell its better after reboot... 3 web pages didnt open one being conduit... ty ty ty... can you give me  the latest free antivirus malware protection i should have on my computer? i wish i could say i know more about computers in the few years since i came here but i dont!!

[canadianchicklet]

i spoke to soon... the conduit page and the 3 pages are opening still... and it takes forever the the computer to reboot... also.. i realized my computer is different than years ago.. i attempted to change the specs in my profile.. but i put to much info.. im not sure what is needed

[Essexboy]

Could you reset chrome (that is the one with 3 tabs ?) https://support.goog...296214?hl=en-GB

Lets see where it is hiding

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

[canadianchicklet]

 FRST.txt   60.5KB   97 downloads  Addition.txt   32.6KB   191 downloads                       there u go!

[canadianchicklet]

oh! and the google reset worked! thanks so much

[Essexboy]

Unfortunately none of the tools we use can reset chrome start or search, hence the requirement to do it manually

How is the computer behaving after this run ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

C:\ProgramData\hash.dat
C:\Users\THE USER\jagex_cl_loginapplet_LIVE.dat
C:\Users\THE USER\jagex_cl_runescape_LIVE.dat
C:\Users\THE USER\jagex_cl_runescape_LIVE1.dat
C:\Users\THE USER\random.dat
Task: {FE9DE7DE-67EA-40E8-B68B-CC42D5CBD029} - \VisualBeeRecovery No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\THE USER\Downloads\DESPERATELY Need Shopper in Thunder Bay TODAY! Name Your Own BONUS!!.eml:OECustomProperty
AlternateDataStreams: C:\Users\THE USER\Downloads\STN - Sandwich Shop Assignments $20 Incentive.eml:OECustomProperty
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

[canadianchicklet]

 Fixlog.txt   3.64KB   168 downloads        i hope i did it correctly... i saved it as u said... to desktop.. which is where the frst program is... it ran for a millisecond then rebooted.. here is the log... and it seems to be doing fine!

[Essexboy]

Those were the last few elements.  Just a sweep for orphans now and we should be done

Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits



Go back to the Dashboard and select Scan Now



If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.





On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

[canadianchicklet]

ok.. i have that program already... also.. that pdf converter program that appeared.. is still there.. i cant delete it.. i dont think i had it before.. and idk if i need it... ill run that program now