Firefox Slows To Dialup Speed After Restarting.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by 1dtall, Aug 8, 2018.

  1. 1dtall

    1dtall Private E-2

    After restarting Firefox, Firefox slows to dialup speed over a very short time. I'm using Vista with Firefox. MGtools froze at Running processdll.exe to find loaded DLLs. It did create Mglogs.zip. Let me know what files you need. Also, at random times the webpage I'm on will flash or jump and will say at the top page or Firefox not responding. Thanks for your help. Ran a HijackThis and saw O13 - Gopher Prefix:, with which I'm not familiar. Please let me know if you need to look at the HijackThis file. I need help with this. I think I did everything correctly in getting the txt files you need. Again, thanks for your help...
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Reopen RogueKiller and remove these:
    [PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Reimage -> Found
    [PUP.SpeedUpMyPc|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Uniblue -> Found
    [PUP.SpeedUpMyPc|PUP.Gen1] HKEY_USERS\S-1-5-21-4229604500-3487303875-4101604920-1000\Software\Uniblue -> Found

    ¤¤¤ Files : 5 ¤¤¤
    [PUP.SpeedUpMyPc|PUP.Gen1][Folder] C:\Users\David\AppData\Roaming\Uniblue -> Found
    [PUP.SpeedUpMyPc|PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue -> Found
    [PUP.Gen0][Folder] C:\Program Files\PCActivator -> Found

    Now remove these in Hitman:
    Potential Unwanted Programs _________________________________________________

    HKLM\SOFTWARE\Babylon\ (Babylon)
    HKLM\SOFTWARE\Classes\AppID\escort.DLL\ (Funmoods)
    HKLM\SOFTWARE\Classes\AppID\escortEng.DLL\ (Funmoods)
    HKLM\SOFTWARE\Classes\AppID\esrv.EXE\ (Funmoods)
    HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods)
    HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\ (Funmoods)
    HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1\ (Babylon)
    HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr\ (Babylon)
    HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon)
    HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\ (Babylon)
    HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\ (Babylon)
    HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}\ (Babylon)
    HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}\ (Babylon)
    HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}\ (Babylon)
    HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}\ (Babylon)
    HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}\ (Babylon)
    HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}\ (Babylon)
    HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}\ (Babylon)
    HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\ (Babylon)
    HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}\ (Babylon)
    HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}\ (Babylon)
    HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}\ (Babylon)
    HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)
    HKLM\SOFTWARE\Reimage\ (ReimageRepair)

    All Cookies.

    Reboot and rescan with RogueKiller, Hitman and please attach the log from running ADWCleaner.
     
  3. 1dtall

    1dtall Private E-2

    Looks like a lot of files were not deleted the 1st time. I thought I did everything correctly. Here are the 3 files you requested. Thank you for your help...
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please remove these in ADWCleaner:
    Folders
    PUP.Optional.Legacy C:\Uniblue
    PUP.Optional.Legacy C:\Users\David\AppData\Roaming\Uniblue

    ***** [ Files ] *****

    PUP.Optional.Uniblue C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
    PUP.Optional.Uniblue C:\Users\Public\Desktop\RegistryBooster.lnk

    Registry
    PUP.Optional.Babylon HKCU\Software\Microsoft\Internet Explorer\DOMStorage\babylon.com
    PUP.Optional.Legacy HKCU\Software\Uniblue
    PUP.Optional.Legacy HKLM\Software\Uniblue

    Now use RogueKiller to remove these:
    [PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{A43DE495-3D00-47d4-9D2C-303115707939} -> Found
    [PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1} -> Found
    [PUP.SpeedUpMyPc|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Uniblue -> Found

    ¤¤¤ Files : 3 ¤¤¤
    [PUP.SpeedUpMyPc|PUP.Gen1][Folder] C:\Users\David\AppData\Roaming\Uniblue -> Found

    Reboot and rerun ADW and RogueKiller and attach the new logs.

    I want you to run one more scan:
    Please download Zemana Malware Removal to your desktop and run it please.

    It auto updates, and you click scan. After it's finished, click on the icon that looks like cell phone strength bars. Highlight the report (by date log was produced) and click on the "Open Report" icon (looks like a folder). That notepad.txt can then be copied/pasted into another .txt doc and saved. Upload that, please.
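
An added example, not part of the thread or of any tool mentioned in it: one way to check a rescan after the "remove, reboot, rescan" cycle above is to diff the `-> Found` lines of two RogueKiller reports and list what persisted. The sample input is limited to the lines quoted in the two posts above (the full logs were attachments), and the function names are hypothetical.

```python
import re

# Line shape as quoted in the thread, e.g.
#   [PUP.SpeedUpMyPc|PUP.Gen1][Folder] C:\Users\...\Uniblue -> Found
LINE_RE = re.compile(
    r"^\s*\[(?P<labels>[^\]]+)\](?:\[(?P<kind>[^\]]+)\])?\s+"
    r"(?P<target>.+?)\s+->\s+(?P<status>\w+)\s*$"
)

def parse_report(text):
    """Map casefolded target -> target as written, for every 'Found' line."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        # Section headers such as '¤¤¤ Files : 5 ¤¤¤' do not match and are skipped.
        if m and m.group("status") == "Found":
            # Registry and NTFS paths are case-insensitive: compare casefolded.
            found[m.group("target").casefold()] = m.group("target")
    return found

def compare_scans(before, after):
    """Classify detections as removed, persisted, or new between two scans."""
    b, a = parse_report(before), parse_report(after)
    return {
        "removed": sorted(b[k] for k in b.keys() - a.keys()),
        "persisted": sorted(a[k] for k in b.keys() & a.keys()),
        "new": sorted(a[k] for k in a.keys() - b.keys()),
    }

# Sample input: lines quoted in the first and second helper posts of this thread.
FIRST_SCAN = r"""
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Reimage -> Found
[PUP.SpeedUpMyPc|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Uniblue -> Found
¤¤¤ Files : 5 ¤¤¤
[PUP.SpeedUpMyPc|PUP.Gen1][Folder] C:\Users\David\AppData\Roaming\Uniblue -> Found
[PUP.SpeedUpMyPc|PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue -> Found
[PUP.Gen0][Folder] C:\Program Files\PCActivator -> Found
"""
SECOND_SCAN = r"""
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{A43DE495-3D00-47d4-9D2C-303115707939} -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1} -> Found
[PUP.SpeedUpMyPc|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Uniblue -> Found
¤¤¤ Files : 3 ¤¤¤
[PUP.SpeedUpMyPc|PUP.Gen1][Folder] C:\Users\David\AppData\Roaming\Uniblue -> Found
"""

if __name__ == "__main__":
    for state, targets in compare_scans(FIRST_SCAN, SECOND_SCAN).items():
        for target in targets:
            print(f"{state:9} {target}")
```
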
     
  5. 1dtall

    1dtall Private E-2

    It's been a long day with many distractions. I think I did everything you wanted in the correct order. I do have a question. Since this process deleted my Uniblue registry defrag and cleaner, can you tell me if you know one that you trust to clean and defrag my registry? Thanks...
     

    Attached Files:

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean and there was no malware, only crap. It is really not a good idea to defrag or clean your registry. If you want to pursue that, please post in the software forum.

    Since you are not having any malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8 or 10, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. After doing the above, you should work thru the below link:
     
