Computer Hope

Software => Computer viruses and spyware => Topic started by: horn1988 on December 08, 2009, 03:51:57 PM

Title: Laptop infected logs attached
Post by: horn1988 on December 08, 2009, 03:51:57 PM
I'm not completely sure of the issue with this laptop. I obtained it for free from a friend because he was fed up with how slow it is. It's not unusable but it is very slow. At start up it is very slow to get everything up and running. When browsing online or running a program it takes longer than it should, and the anti-virus continues to pop up saying there's something wrong. I am attaching the logs and am ready to get this fixed. Thank you ahead of time.

[Saving space, attachment deleted by admin]
Title: Re: Laptop infected logs attached
Post by: harry 48 on December 08, 2009, 04:08:07 PM
When you get your help from an expert, keep SAS and MBAM in your PC and run them weekly. It will help to keep your PC clear of all the rubbish that has got into it.
Title: Re: Laptop infected logs attached
Post by: horn1988 on December 08, 2009, 04:18:59 PM
I will. I plan to do that now.
Title: Re: Laptop infected logs attached
Post by: eegolf on December 08, 2009, 06:41:48 PM
I would take a multi-pronged approach to this computer problem.
1.) Make sure you understand what applications are installed and which ones are set to start on computer start up. When in doubt, uninstall and/or keep the program from starting on boot up. I believe HijackThis has this functionality that allows you to easily stop programs from starting up. Remember programs can be set to start through scheduled tasks, the registry, the startup folder and DLLs. HijackThis consolidates this into one location.
2.) Make sure you run the spyware program (Malwarebytes, Ad-Aware and Spybot are some good free ones) in safe mode.
3.) Take a look at our web site for some free computer tips and tricks. We have a whole "did you know series" that covers a lot of this stuff.

http://www.ciosolutions.com/articles/50-it-support-tips-for-santa-barbara
Title: Re: Laptop infected logs attached
Post by: horn1988 on December 08, 2009, 06:46:29 PM
Way past that, buddy. Waiting for an expert to look at the logs, but thanks for telling me something that I read in the "read this" section of the forum.
Title: Re: Laptop infected logs attached
Post by: harry 48 on December 09, 2009, 02:11:43 PM
I would take a multi-pronged approach to this computer problem.
1.) Make sure you understand what applications are installed and which ones are set to start on computer start up. When in doubt, uninstall and/or keep the program from starting on boot up. I believe HijackThis has this functionality that allows you to easily stop programs from starting up. Remember programs can be set to start through scheduled tasks, the registry, the startup folder and DLLs. HijackThis consolidates this into one location.
2.) Make sure you run the spyware program (Malwarebytes, Ad-Aware and Spybot are some good free ones) in safe mode.
3.) Take a look at our web site for some free computer tips and tricks. We have a whole "did you know series" that covers a lot of this stuff.

http://www.ciosolutions.com/articles/50-it-support-tips-for-santa-barbara

You should not be giving advice here when you are not a malware expert, and CH gives all the tips/help that's needed.
Title: Re: Laptop infected logs attached
Post by: horn1988 on December 10, 2009, 05:42:28 PM
agree
Title: Re: Laptop infected logs attached
Post by: SuperDave on December 12, 2009, 07:33:07 PM
Hello horn1988 and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

There are remnants of McAfee running on your computer.

Download the McAfee Consumer Product Removal Tool (http://www.majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html) to your Desktop.

Using McAfee Consumer Product Removal tool:

* Double click the MCPR.exe
* A Command Line window will be displayed, and then close automatically.
* Wait for a second Command Line window to be displayed.

Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.

* After the second window appears, the program will begin the cleanup.
* Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window: The machine must reboot to complete the un-installation. Reboot now? [y.n]
* Press Y on the keyboard.
* Wait for the computer to restart.
* All McAfee products are now removed from your computer.

Download Disable/Remove Windows Messenger  (http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html) to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {E241F94B-0C97-5968-F27E-6FBDA9E045AF} - (no file)
O2 - BHO: (no name) - {FA665742-830F-40E8-B889-8E6869AD8851} - C:\WINDOWS\system32\nnnkijIB.dll (file missing)
O4 - Global Startup: McAfee Security Scan.lnk = ?
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.

Vista users: Right-click combofix.exe and select Run as Administrator and follow the prompts.
Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
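
The fix list in the post above follows a regular line format, so it can be triaged mechanically. As an added example (not part of SuperDave's post and not code from HijackThis), this Python parser splits entries of that format into fields and flags orphaned entries, unresolved shortcut targets, and file names that closely imitate a Windows system binary. The `SYSTEM_NAMES` list and the 0.9 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher
from ntpath import basename

# Entries copied from the fix list in the post above.
SAMPLE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {FA665742-830F-40E8-B889-8E6869AD8851} - C:\WINDOWS\system32\nnnkijIB.dll (file missing)
O4 - Global Startup: McAfee Security Scan.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH = re.compile(r"([A-Za-z]:\\.*?)(?:\s+\(file missing\))?$")
# Assumption: a short illustrative list of Windows binaries whose names get imitated.
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "services.exe", "explorer.exe")


def parse_entry(line):
    """Split one HijackThis line into fields plus triage flags; None if not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    clsid = CLSID.search(rest)
    path = PATH.search(rest)
    flags = []
    if rest.endswith(("(no file)", "(file missing)")):
        flags.append("orphaned")        # registry entry outlived its file
    if rest.endswith("= ?"):
        flags.append("unresolved")      # shortcut target could not be read
    if path:
        name = basename(path[1]).lower()
        for known in SYSTEM_NAMES:
            if name != known and SequenceMatcher(None, name, known).ratio() >= 0.9:
                flags.append("lookalike:" + known)
    return {"section": m["section"], "kind": m["kind"],
            "clsid": clsid[0] if clsid else None,
            "path": path[1] if path else None, "flags": flags}


def triage(log_text):
    """Parse every entry line in a log and keep those that carry a flag."""
    parsed = (parse_entry(l) for l in log_text.splitlines())
    return [e for e in parsed if e and e["flags"]]


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["section"], e["kind"], e["path"] or e["clsid"], e["flags"])
```

A flag here is a reason to look closer, not a verdict; the live `msmsgs.exe` entry carries no flag even though the post removes it for other reasons.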
Title: Re: Laptop infected logs attached
Post by: horn1988 on December 13, 2009, 02:15:37 PM
Tried to run the McAfee Removal tool and it opened, then said that it failed, and this log was attached:

MCAFEE CLEANUP
December 13, 2009 15:12:59
INFO   Cleanup will be scheduled and run.
INFO   Product mpfpcu to be removed from system.
INFO   Product mpfp to be removed from system.
INFO   Product mps to be removed from system.
INFO   Product shred to be removed from system.
INFO   Product mpscu to be removed from system.
INFO   Product mskcu to be removed from system.
INFO   Product msk to be removed from system.
INFO   Product emproxy to be removed from system.
INFO   Product mas to be removed from system.
INFO   Product fwdriver to be removed from system.
INFO   Product hw to be removed from system.
INFO   Product mbk to be removed from system.
INFO   Product mcproxy to be removed from system.
INFO   Product mhn to be removed from system.
INFO   Product mqccu to be removed from system.
INFO   Product mqc to be removed from system.
INFO   Product shrd to be removed from system.
INFO   Product nmc to be removed from system.
INFO   Product redir to be removed from system.
INFO   Product mna to be removed from system.
INFO   Product mwl to be removed from system.
INFO   Product msad to be removed from system.
INFO   Product vs to be removed from system.
INFO   Product msc to be removed from system.
INFO   Product mcpr to be removed from system.
INFO   Task Scheduler service started.
WINERR IPersistFile::Save() failed. Error: 0x80090016
FAIL   Error while running cleanup using Task Scheduler.
Title: Re: Laptop infected logs attached
Post by: harry 48 on December 13, 2009, 02:58:28 PM
Carry on and do the rest until Dave comes back on.

This may be the same as Dave gave you:

http://service.mcafee.com/FAQDocument.aspx?id=TS100507&lc=1033
Title: Re: Laptop infected logs attached
Post by: horn1988 on December 13, 2009, 03:26:33 PM
OK, I was able to do that and run the Windows removal, but ComboFix says it is offline, so I'm not sure when I will be able to run it.
Title: Re: Laptop infected logs attached
Post by: harry 48 on December 13, 2009, 03:44:19 PM
OK, that's great. Did you get this done for him? He must be off for the night.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {E241F94B-0C97-5968-F27E-6FBDA9E045AF} - (no file)
O2 - BHO: (no name) - {FA665742-830F-40E8-B889-8E6869AD8851} - C:\WINDOWS\system32\nnnkijIB.dll (file missing)
O4 - Global Startup: McAfee Security Scan.lnk = ?
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
Title: Re: Laptop infected logs attached
Post by: horn1988 on December 13, 2009, 04:20:28 PM
Yes, checked and fixed. Completed all of his steps except the ComboFix, and like I said, it says that it's down for repairs, so I dunno when it will be up and running again.
Title: Re: Laptop infected logs attached
Post by: harry 48 on December 13, 2009, 04:33:18 PM
Seen that myself. Just check the link every time you're on here.
Title: Re: Laptop infected logs attached
Post by: horn1988 on December 13, 2009, 04:37:09 PM
Will do, thank you.
Title: Re: Laptop infected logs attached
Post by: SuperDave on December 13, 2009, 07:08:40 PM
Hello horn1988. I'll give you a heads up when ComboFix is back on-line.
Title: Re: Laptop infected logs attached
Post by: SuperDave on December 16, 2009, 12:32:35 PM
Hello Horn1988. ComboFix is back on-line. You can run this scan.

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

ComboFix (http://download.bleepingcomputer.com/sUBs/Beta/KittyFix.exe)

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.

Vista users: Right-click combofix.exe and select Run as Administrator and follow the prompts.
Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.