
websearches.com as startpage, slow bootup, slow pc [Solved]


  • This topic is locked

#46
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

Farbar Service Scanner Version: 21-07-2014
Ran by Gisele (administrator) on 17-11-2014 at 19:34:48
Running from "C:\Users\Gisele\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****


  • 0



#47
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts
 hope these files are not already infected?

 

I see what you have done, and based on that, no, there is no issue and the files are not re-infected.


  • 0

#48
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

Microsoft Fix it done, reboot was asked, so I said yes. After reboot I started to install MSE install app, same error code: 0x8007063


  • 0

#49
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, the good news is that you are malware free. The bad news is there still appears to be some corruption of some sort that at the very least is affecting MSE. So please follow the instructions below to clean up our tools. Then we can (if you wish) turn our attention solely to the MSE issue. If you do not wish to continue looking at this please let me know.

 

Step#1 - Uninstall Combofix

 

1. Please ensure that Combofix.exe is still on your desktop before proceeding.

2. Click your Start button and in the search box type Combofix /Uninstall and hit enter on your keyboard. (Note there is a space after Combofix and before /Uninstall).

3. Allow Combofix to run as it will perform the uninstall procedures.

 

 

Step#2 - Cleanup
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.

1. Download Delfix from here.
2. Ensure everything is checked and click Run.

Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

 

You may also want to delete the AVG 2014 & 2015 uninstallers that you downloaded as well as the .bat file that we created.

 

 

 

 

Items for your next Post

1. Delfix log

2. Do you wish to continue on the MSE issue?


  • 0

#50
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

Yes I wish to continue to solve the MSE issue.

 

I uninstalled combofix

 

next is cleanup.


  • 0

#51
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

# DelFix v10.8 - Logfile created 17/11/2014 at 21:07:57
# Updated 29/07/2014 by Xplode
# Username : Gisele - GISELE-HP-LAP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\Gisele\Desktop\combofix - vast.jpg
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #354 [ComboFix created restore point | 11/17/2014 20:01:45]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 0

#52
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts
Yes I wish to continue to solve the MSE issue.

 

I was hoping you would say that. I'll prepare instructions now for you.


  • 0

#53
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Step#1 - Identify Where Permission Denied is happening
1. Please download Procmon from Microsoft to your desktop.
2. Please download AccessDenied.PMF and save to your desktop.
3. Double-click on Procmon to open. Click Yes to allow if prompted.
4. Click the Filter menu....then Organize Filters....Click the Import button...browse to the desktop and select the AccessDenied.PMF filter.
OrganizeFilter.JPG
 
5. Click OK to exit the Organize Filter screen.

6. Now click the Filter menu....select Load Filter and choose AccessDenied.

LoadFilter.JPG

 

7. Leave this program running and go ahead and try to install Microsoft Security Essentials.

8. Once the error occurs, please click the Capture icon on the toolbar to stop the capture. (it's the icon that looks like a magnifying glass).

Capture.JPG

 

9. Select the file menu and choose Save. Keep all the defaults and click OK. This should save a file named Logfile.PML to your desktop.

10. Please send me the Logfile.PML file. You will need to use Dropbox, SkyDrive or another service such as https://www.sendspace.com/ to attach the file and then send me a link to download it.

 

Thank you.


  • 0

#54
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

The logfile, I used WeTransfer

 

 

http://we.tl/rrZrs46MQ3


  • 0

#55
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Excellent and can you send me the MSE log again so I can correlate the times? (i.e. MSSecurityClient_Setup_4.6.305.0_epp_Install.log)

 

Thank you.


  • 0



#56
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

See attached


  • 0

#57
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Step#1 - FRST Fix

 

You will need to re-download FRST and save to your desktop.
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop.
Attached File: fixlist.txt (430 bytes)
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - Try to run the MSEInstall again

 

Let me know the results. Thank you.

 

  

 

Items for your next post

1. FRST Fix log

2. Results of the MSE Install


  • 0

#58
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

I tried to download FRST but page not found.


  • 0

#59
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2014
Ran by Gisele at 2014-11-18 20:24:16 Run:1
Running from C:\Users\Gisele\Desktop
Loaded Profile: Gisele (Available profiles: Gisele)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
cmd: takeown /f "C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NisDrvWFP.cat"
cmd: icacls "C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NisDrvWFP.cat" /grant Everyone:F /q
cmd: takeown /f "C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\mpfilter.CAT"
cmd: icacls "C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\mpfilter.CAT" /grant Everyone:F /q
*****************
 
 
=========  takeown /f "C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NisDrvWFP.cat" =========
 
 
Voltooid: het bestand (of de map) C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NisDrvWFP.cat heeft nu gebruiker Gisele-HP-LAP\Gisele als eigenaar.
 
========= End of CMD: =========
 
 
=========  icacls "C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NisDrvWFP.cat" /grant Everyone:F /q =========
 
Everyone: Er is geen toewijzing uitgevoerd tussen accountnamen en beveiligings-id's.
0 bestanden zijn verwerkt; 1 bestanden zijn niet verwerkt
 
========= End of CMD: =========
 
 
=========  takeown /f "C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\mpfilter.CAT" =========
 
 
Voltooid: het bestand (of de map) C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\mpfilter.CAT heeft nu gebruiker Gisele-HP-LAP\Gisele als eigenaar.
 
========= End of CMD: =========
 
 
=========  icacls "C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\mpfilter.CAT" /grant Everyone:F /q =========
 
Everyone: Er is geen toewijzing uitgevoerd tussen accountnamen en beveiligings-id's.
0 bestanden zijn verwerkt; 1 bestanden zijn niet verwerkt
 
========= End of CMD: =========
 
 
==== End of Fixlog ====

  • 0
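
An added example (not part of the thread, and not FRST's own code): a small Python check that reads a Fixlog like the one posted above and reports the icacls sections whose summary line counts failed files. It assumes the two counters appear in the order "processed; failed", as they do in the Dutch output above and in English-language icacls output; `failed_commands`, `SECTION` and `COUNTS` are names made up for this example.

```python
import re

# Two sections copied from the Fixlog in the post above (Dutch-language Windows).
SAMPLE_FIXLOG = r"""
=========  takeown /f "C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NisDrvWFP.cat" =========

Voltooid: het bestand (of de map) C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NisDrvWFP.cat heeft nu gebruiker Gisele-HP-LAP\Gisele als eigenaar.

========= End of CMD: =========

=========  icacls "C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NisDrvWFP.cat" /grant Everyone:F /q =========

Everyone: Er is geen toewijzing uitgevoerd tussen accountnamen en beveiligings-id's.
0 bestanden zijn verwerkt; 1 bestanden zijn niet verwerkt

========= End of CMD: =========
"""

# One section = header line with the command, its output, then the end marker.
SECTION = re.compile(r"^=========\s+(?P<cmd>[^\n]+?)\s+=========[ \t]*\n"
                     r"(?P<out>.*?)^========= End of CMD: =========", re.M | re.S)
# icacls summary line: "<n> ...; <m> ..." (assumption: processed first, failed
# second, in every display language, as in the Dutch and English output).
COUNTS = re.compile(r"^[^\d\n]*(\d+)[^\d\n]*;[^\d\n]*(\d+)[^\d\n]*$", re.M)


def failed_commands(fixlog):
    """Return one dict per icacls section whose summary reports failed files."""
    failures = []
    for section in SECTION.finditer(fixlog):
        cmd, out = section.group("cmd"), section.group("out")
        if not cmd.lower().startswith("icacls"):
            continue  # takeown prints no counters; only icacls is checked here
        counts = COUNTS.search(out)
        if counts is None or int(counts.group(2)) == 0:
            continue
        lines = [ln.strip() for ln in out.splitlines() if ln.strip()]
        failures.append({
            "command": cmd,
            "processed": int(counts.group(1)),
            "failed": int(counts.group(2)),
            "detail": lines[0],  # first output line: the error icacls printed
        })
    return failures

if __name__ == "__main__":
    for f in failed_commands(SAMPLE_FIXLOG):
        print(f"NOT APPLIED ({f['failed']} failed): {f['command']}\n  {f['detail']}")
```

Run over the full Fixlog above, both icacls grants are reported as not applied: the Dutch error line is the message "no mapping between account names and security IDs was done", which icacls prints when it cannot resolve the principal name it was given (here `Everyone`). icacls also accepts a principal written as `*` followed by a SID, which does not depend on the display language.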

#60
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

Same error code, even after I rebooted the laptop.


  • 0





