
Home computer running slow, not loading web pages, resistant to attemp

slow computer virus resistant

  • This topic is locked

#16
Maxboost25psi

    Member

  • Topic Starter
  • 63 posts
Only the McAfee ones. I ran the program now trying to get back on my desktop to supply log. Darn thing is being super stubborn...We've ticked it off..that's for sure.

#17
Maxboost25psi

I posted from phone above. ^

#18
Maxboost25psi


See below.........

Attached Files



#19
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This should now run a lot quicker
 
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 

3. Open notepad and copy/paste the text in the quotebox below into it:
 

Folder::
c:\program files (x86)\TenchisTV
c:\program files\Common Files\McAfee

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ece24dcf-8548-4655-b392-47a388721482}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ece24dcf-8548-4655-b392-47a388721482}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ece24dcf-8548-4655-b392-47a388721482}"=-
[-HKEY_CLASSES_ROOT\clsid\{ece24dcf-8548-4655-b392-47a388721482}]

Driver::
McMPFSvc


Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif 

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

THEN
  • Run OTL.

    OTL_Main_Tutorial.gif
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.dll
    /md5stop
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open ONE notepad window.
    • Attach both logs


#20
Maxboost25psi

Completing tasks now

#21
Maxboost25psi

Well something screwy happened...The blue box that the blog is generated in for the combo fix was dithering off and on really fast and moving diagonally across the screen. Had to shutdown....

#22
Essexboy

OK go direct to OTL scan now and I will remove the remaining elements using that

#23
Maxboost25psi

Can't run combo fix now....says illegal operation attempted on a registry key that has been marked for deletion.

#24
Maxboost25psi

Darn...can't open ie either to copy and paste info for otl. Gah

#25
Maxboost25psi

Can't open any link whatsoever. All say illegal operation on registry key that has been marked for deletion.

#26
Essexboy


OK reboot as Combofix has not released the registry

 

That will cure it



#27
Maxboost25psi

Ok..restarted again and running combo fix....keeping fingers crossed!

#28
Maxboost25psi


Finally got both done...WOO HOO!!!!

Attached Files



#29
Essexboy

OK let's now clear out the rest :)
 
Once done could you let me know how the computer is behaving

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDtD0AyD0E0BzyyCtAyDyBtN0D0Tzu0CtByCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1607891000
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ece24dcf-8548-4655-b392-47a388721482} - SOFTWARE\Classes\CLSID\{ece24dcf-8548-4655-b392-47a388721482}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDtD0AyD0E0BzyyCtAyDyBtN0D0Tzu0CtByCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1607891000
IE - HKU\S-1-5-21-1038181654-2723990138-2818527679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.conduit.com?SearchSource=10&ctid=CT241166
IE - HKU\S-1-5-21-1038181654-2723990138-2818527679-1000\..\SearchScopes,Backup.Old.DefaultScope = {54EFAE1D-13AD-4089-98A7-F691DD0A63A5}
IE - HKU\S-1-5-21-1038181654-2723990138-2818527679-1000\..\SearchScopes,DefaultScope = {54EFAE1D-13AD-4089-98A7-F691DD0A63A5}
IE - HKU\S-1-5-21-1038181654-2723990138-2818527679-1000\..\SearchScopes\{54EFAE1D-13AD-4089-98A7-F691DD0A63A5}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2411669&CUI=UN23130556031157021&UM=2
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2 - BHO: (TenchisTV Toolbar) - {ece24dcf-8548-4655-b392-47a388721482} - C:\Program Files (x86)\TenchisTV\prxtbTenc.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1038181654-2723990138-2818527679-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Curt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Curt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
[2014/04/26 08:54:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Curt\Desktop\OTL.exe.gflq0ah.partial
[2014/04/24 23:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2014/04/23 23:02:20 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Roaming\AVG
[2014/04/23 22:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2014/04/23 22:59:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/04/23 22:07:33 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Local\{E5A24E91-17E2-4053-BA6A-DCCE3F1A42DB}
[2014/04/23 21:26:16 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Roaming\TuneUp Software
[2014/04/23 18:16:31 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Local\AvgSetupLog
[2014/04/23 18:16:31 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Local\Avg
[2014/04/22 14:02:22 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Local\MFAData
[2014/04/22 14:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/04/15 00:37:41 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Roaming\Google
[2014/04/15 00:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/04/06 16:55:03 | 000,000,000 | ---D | C] -- C:\061085a
[2014/04/05 09:36:15 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Local\{276AC011-BD08-4A51-9C05-BDBA91ECE5FE}
[2014/04/26 09:31:15 | 000,397,120 | ---- | M] () -- C:\Users\Curt\Desktop\aswmbr.exe.td83pe6.partial
[2014/04/26 08:54:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Curt\Desktop\OTL.exe.gflq0ah.partial
[2013/01/09 18:03:33 | 000,000,000 | -HSD | M] -- C:\Users\Curt\AppData\Roaming\7A6357
[2014/04/23 23:02:20 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\AVG
[2012/08/13 09:58:27 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\Catalina Marketing Corp
[2014/04/06 17:18:56 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\PCDr
[2012/01/22 10:34:34 | 000,000,890 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/01/22 10:34:35 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

:Files
C:\Users\Curt\AppData\Local\Google\Chrome

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0
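Added example, not part of the post above and not OTL's own code: a small Python reader for the two line formats that appear in the :OTL section of that fix (registry-style `IE`/`O#` entries and bracketed file or folder entries), useful for checking what each line refers to before a fix like this is run. The regular expressions and the notes it attaches are assumptions of this example, inferred from the lines shown; they are not OTL's documented format or the helper's selection rules.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the :OTL section of the post above.
SAMPLE = r"""
O2 - BHO: (TenchisTV Toolbar) - {ece24dcf-8548-4655-b392-47a388721482} - C:\Program Files (x86)\TenchisTV\prxtbTenc.dll File not found
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKU\S-1-5-21-1038181654-2723990138-2818527679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.conduit.com?SearchSource=10&ctid=CT241166
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2014/04/23 22:59:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/04/23 22:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
""".strip().splitlines()

# Assumed shapes: "<tag>[:64bit:] - <body>" and "[date time | size | attrs | C/M] [(vendor)] -- path"
REG_LINE = re.compile(r"^(?P<tag>IE|O\d+)(?P<x64>:64bit:)? - (?P<body>.+)$")
FILE_LINE = re.compile(r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4})"
                       r" \| (?P<op>[CM])\](?: \((?P<vendor>[^)]*)\))? -- (?P<path>.+)$")
URL = re.compile(r'https?://[^\s"]+')
GUID_NAME = re.compile(r"\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def triage(line):
    """Classify one line and return (kind, notes); the notes are this example's heuristics."""
    notes = []
    m = REG_LINE.match(line)
    if m:
        body = m["body"]
        if body.endswith("File not found"):
            notes.append("target file not found")      # entry references a missing file
        if "No CLSID value found" in body:
            notes.append("no CLSID value")
        notes += ["points to " + urlsplit(u).hostname for u in URL.findall(body)]
        return "registry", notes
    m = FILE_LINE.match(line)
    if m:
        if "H" in m["attr"] and "S" in m["attr"]:
            notes.append("hidden+system")
        if "D" in m["attr"] and GUID_NAME.search(m["path"]):
            notes.append("GUID-named folder")
        return "file", notes
    return "unparsed", notes


def report(lines):
    # Keep only the lines that earned at least one note.
    return [(line, notes) for line in lines for _kind, notes in [triage(line)] if notes]


if __name__ == "__main__":
    print(*report(SAMPLE), sep="\n")
```

A line with no notes is not thereby benign, and a line with notes is not thereby malicious; the output only makes explicit what each entry references.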

#30
Maxboost25psi


ok...let's see here....

 

logs below

 

Going to try and use the net some and report back 

Attached Files

