[Maxboost25psi]

Only the McAfee ones. I ran the program now trying to get back on my desktop to supply log. Darn thing is being super stubburn...We've ticked it off..that's for sure.

[Advertisements]

I posted from phone above. ^

[Maxboost25psi]

I posted from phone above. ^

[Maxboost25psi]

See below.........

Attached Files

•  logforEB.txt   26.26KB   98 downloads

[Essexboy]

This should now run a lot quicker
 
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 

3. Open notepad and copy/paste the text in the quotebox below into it:
 

Folder::
c:\program files (x86)\TenchisTV
c:\program files\Common Files\McAfee

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ece24dcf-8548-4655-b392-47a388721482}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ece24dcf-8548-4655-b392-47a388721482}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ece24dcf-8548-4655-b392-47a388721482}"=-
[-HKEY_CLASSES_ROOT\clsid\{ece24dcf-8548-4655-b392-47a388721482}]

Driver::
McMPFSvc

Save this as CFScript.txt, in the same location as ComboFix.exe


 

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

THEN

• Run OTL.
  
  
• Select All Users
• Select LOP and Purity
• Under the Custom Scan box paste this in
  
  netsvcs
  BASESERVICES
  %SYSTEMDRIVE%\*.exe
  c:\program files (x86)\Google\Desktop
  c:\program files\Google\Desktop
  dir "%systemdrive%\*" /S /A:L /C
  /md5start
  rpcss.dll
  /md5stop
  CREATERESTOREPOINT
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open ONE notepad window.
  • Attach both logs

[Maxboost25psi]

Completing tasks now

[Maxboost25psi]

Well something screwy happened...The blue box that the blog is generated in for the combo fox was dithering off and on really fast and moving diagonally across the screen. Had to shutdown....

[Essexboy]

OK go direct to OTL scan now and I will remove the remaining elements using that

[Maxboost25psi]

Can't run combo fix now....says illegal operation attempted on a registry key that has been marked for deletion.

[Maxboost25psi]

Darn...can't open ie either to copy and paste info for otl. Gah

[Maxboost25psi]

Can't open any link whatsoever. All say illegal operation on registry key that has been marked for deletion.

[Essexboy]

OK reboot as Combofix has not released the registry

 

That will cure it

[Maxboost25psi]

Ok..restarted again and running combo fix....keeping fingers crossed!

[Maxboost25psi]

Finally got both done...WOO HOO!!!!

Attached Files

•  OTLSECONDTIME.Txt   149.16KB   90 downloads
•  combolog.txt   19.18KB   117 downloads

[Essexboy]

OK lets now clear out the rest
 
Once done could you let me know how the computer is behaving

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

:Commands
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDtD0AyD0E0BzyyCtAyDyBtN0D0Tzu0CtByCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1607891000
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ece24dcf-8548-4655-b392-47a388721482} - SOFTWARE\Classes\CLSID\{ece24dcf-8548-4655-b392-47a388721482}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DtDyCyB0EyDtD0AyD0E0BzyyCtAyDyBtN0D0Tzu0CtByCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1607891000
IE - HKU\S-1-5-21-1038181654-2723990138-2818527679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.conduit.com?SearchSource=10&ctid=CT241166
IE - HKU\S-1-5-21-1038181654-2723990138-2818527679-1000\..\SearchScopes,Backup.Old.DefaultScope = {54EFAE1D-13AD-4089-98A7-F691DD0A63A5}
IE - HKU\S-1-5-21-1038181654-2723990138-2818527679-1000\..\SearchScopes,DefaultScope = {54EFAE1D-13AD-4089-98A7-F691DD0A63A5}
IE - HKU\S-1-5-21-1038181654-2723990138-2818527679-1000\..\SearchScopes\{54EFAE1D-13AD-4089-98A7-F691DD0A63A5}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2411669&CUI=UN23130556031157021&UM=2
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2 - BHO: (TenchisTV Toolbar) - {ece24dcf-8548-4655-b392-47a388721482} - C:\Program Files (x86)\TenchisTV\prxtbTenc.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1038181654-2723990138-2818527679-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Curt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Curt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
[2014/04/26 08:54:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Curt\Desktop\OTL.exe.gflq0ah.partial
[2014/04/24 23:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2014/04/23 23:02:20 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Roaming\AVG
[2014/04/23 22:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2014/04/23 22:59:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/04/23 22:07:33 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Local\{E5A24E91-17E2-4053-BA6A-DCCE3F1A42DB}
[2014/04/23 21:26:16 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Roaming\TuneUp Software
[2014/04/23 18:16:31 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Local\AvgSetupLog
[2014/04/23 18:16:31 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Local\Avg
[2014/04/22 14:02:22 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Local\MFAData
[2014/04/22 14:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/04/15 00:37:41 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Roaming\Google
[2014/04/15 00:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/04/06 16:55:03 | 000,000,000 | ---D | C] -- C:\061085a
[2014/04/05 09:36:15 | 000,000,000 | ---D | C] -- C:\Users\Curt\AppData\Local\{276AC011-BD08-4A51-9C05-BDBA91ECE5FE}
[2014/04/26 09:31:15 | 000,397,120 | ---- | M] () -- C:\Users\Curt\Desktop\aswmbr.exe.td83pe6.partial
[2014/04/26 08:54:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Curt\Desktop\OTL.exe.gflq0ah.partial
[2013/01/09 18:03:33 | 000,000,000 | -HSD | M] -- C:\Users\Curt\AppData\Roaming\7A6357
[2014/04/23 23:02:20 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\AVG
[2012/08/13 09:58:27 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\Catalina Marketing Corp
[2014/04/06 17:18:56 | 000,000,000 | ---D | M] -- C:\Users\Curt\AppData\Roaming\PCDr
[2012/01/22 10:34:34 | 000,000,890 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/01/22 10:34:35 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

:Files
C:\Users\Curt\AppData\Local\Google\Chrome

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

[Maxboost25psi]

ok...let see here....

 

logs below

 

Going to try and use the net some and report back 

Attached Files

•  OTLFINAL.Txt   87.34KB   103 downloads
•  AdwCleanerS0.txt   5.94KB   127 downloads