Home computer running slow, not loading web pages, resistant to attemp
#16
Posted 26 April 2014 - 10:03 AM
#17
Posted 26 April 2014 - 10:03 AM
#18
Posted 26 April 2014 - 10:06 AM
See below.........
Attached Files
#19
Posted 26 April 2014 - 10:46 AM
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Folder::
c:\program files (x86)\TenchisTV
c:\program files\Common Files\McAfee
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ece24dcf-8548-4655-b392-47a388721482}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ece24dcf-8548-4655-b392-47a388721482}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ece24dcf-8548-4655-b392-47a388721482}"=-
[-HKEY_CLASSES_ROOT\clsid\{ece24dcf-8548-4655-b392-47a388721482}]
Driver::
McMPFSvc
Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
THEN
- Run OTL.
- Select All Users
- Select LOP and Purity
- Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT - Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open ONE notepad window.
- Attach both logs
#20
Posted 26 April 2014 - 11:04 AM
#21
Posted 26 April 2014 - 11:50 AM
#22
Posted 26 April 2014 - 11:51 AM
#23
Posted 26 April 2014 - 11:52 AM
#24
Posted 26 April 2014 - 11:54 AM
#25
Posted 26 April 2014 - 11:55 AM
#26
Posted 26 April 2014 - 12:04 PM
OK reboot as Combofix has not released the registry
That will cure it
#27
Posted 26 April 2014 - 12:04 PM
#28
Posted 26 April 2014 - 12:22 PM
Finally got both done...WOO HOO!!!!
Attached Files
#29
Posted 26 April 2014 - 12:39 PM
Once done could you let me know how the computer is behaving
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands [CREATERESTOREPOINT] :OTL IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDtD0AyD0E0BzyyCtAyDyBtN0D0Tzu0CtByCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1607891000 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {ece24dcf-8548-4655-b392-47a388721482} - SOFTWARE\Classes\CLSID\{ece24dcf-8548-4655-b392-47a388721482}\InprocServer32 File not found IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDtD0AyD0E0BzyyCtAyDyBtN0D0Tzu0CtByCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1607891000 IE - HKU\S-1-5-21-1038181654-2723990138-2818527679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.conduit.com?SearchSource=10&ctid=CT241166 IE - HKU\S-1-5-21-1038181654-2723990138-2818527679-1000\..\SearchScopes,Backup.Old.DefaultScope = {54EFAE1D-13AD-4089-98A7-F691DD0A63A5} IE - HKU\S-1-5-21-1038181654-2723990138-2818527679-1000\..\SearchScopes,DefaultScope = {54EFAE1D-13AD-4089-98A7-F691DD0A63A5} IE - HKU\S-1-5-21-1038181654-2723990138-2818527679-1000\..\SearchScopes\{54EFAE1D-13AD-4089-98A7-F691DD0A63A5}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2411669&CUI=UN23130556031157021&UM=2 O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found O2 - BHO: (TenchisTV Toolbar) - {ece24dcf-8548-4655-b392-47a388721482} - C:\Program Files (x86)\TenchisTV\prxtbTenc.dll File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1038181654-2723990138-2818527679-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [] File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Curt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Curt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found [2014/04/26 08:54:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Curt\Desktop\OTL.exe.gflq0ah.partial [2014/04/24 23:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar [2014/04/23 23:02:20 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Roaming\AVG [2014/04/23 22:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG [2014/04/23 22:59:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} [2014/04/23 22:07:33 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Local\{E5A24E91-17E2-4053-BA6A-DCCE3F1A42DB} [2014/04/23 21:26:16 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Roaming\TuneUp Software [2014/04/23 18:16:31 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Local\AvgSetupLog [2014/04/23 18:16:31 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Local\Avg [2014/04/22 14:02:22 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Local\MFAData [2014/04/22 14:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2014/04/15 00:37:41 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Roaming\Google [2014/04/15 00:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2014/04/06 16:55:03 | 000,000,000 | ---D | C] -- C:\061085a [2014/04/05 09:36:15 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Local\{276AC011-BD08-4A51-9C05-BDBA91ECE5FE} [2014/04/26 09:31:15 | 000,397,120 | ---- | M] () -- C:\Users\Curt\Desktop\aswmbr.exe.td83pe6.partial [2014/04/26 08:54:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Curt\Desktop\OTL.exe.gflq0ah.partial [2013/01/09 18:03:33 | 000,000,000 | -HSD | M] -- C:\Users\Curt\AppData\Roaming\7A6357 [2014/04/23 23:02:20 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\AVG [2012/08/13 09:58:27 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\Catalina Marketing Corp [2014/04/06 17:18:56 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\PCDr [2012/01/22 10:34:34 | 000,000,890 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2012/01/22 10:34:35 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job :Files C:\Users\Curt\AppData\Local\Google\Chrome :Commands [resethosts] [emptytemp] [Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
#30
Posted 26 April 2014 - 03:02 PM
ok...let see here....
logs below
Going to try and use the net some and report back
Attached Files
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users