Help, friend's computer all messed up

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Rannos, Apr 5, 2008.

  1. Rannos

    Rannos Private E-2

    Hey, you guys helped me fix my computer, so I hope you can help me with my friend's. I'm posting from my laptop right now because when I try to log onto the forums it closes his IE. I tried running the read me run me first programs, but they all say that they are corrupted when I manage to get them to download onto his computer. I have also tried to put them on a CD and load them like I had to do when I first fixed mine, but they won't even install from there and I'm not sure what to do. When I try to scan his computer with McAfee or with the Trend Micro online scanner, the computer will crash and give him the blue screen. I know it's not much, but if you guys can help me get started so that I can run the first things, that would be great. I'm going to keep trying to make them work, but I'm not sure exactly how I'm going to get them to work.
     
  2. abri

    abri MajorGeek

    Hi Rannos,

    I'm not trying to skip over you, but this looks like a mess. Let's look at what you've posted one thing at a time. First of all your friend's IE closes when you try to log on to the MG Forums. Does the same thing happen if you use Firefox? Did you remember to check the remember me button?

    Can you install Combofix on his computer if you go into Safe Mode?

    Can you get the MGTools downloaded onto his computer? If you can get the logs from this, this would be the most helpful.

    Also, are there error messages when he gets a blue screen? If so, can you get them?

    Try these things first.
    abri
     
  3. Rannos

    Rannos Private E-2

    OK, I am working on the logs. I got one of them to run, but then I got the blue screen. So far I have gotten a physical memory problem, and another problem that I could not read because it was halfway off the side of the screen. I'll try to get that log posted if I can get the computer to let me get this site open long enough to post.
     
  4. Rannos

    Rannos Private E-2

    OK, I also just got a memory_management error from the blue screen.

    Here are the logs I could get. The other programs won't run or, in the case of Combofix, it causes a blue screen at the end every time.
     


  5. Rannos

    Rannos Private E-2

    OK, the log wouldn't post. When I tried, I got a page_fault_in_nonpaged_area, and just in case it didn't show up, I also got a memory management error. Trying to load the log again in safe mode to see if it works that way.
     
  6. Rannos

    Rannos Private E-2

    Here is mglogs.
     
  7. Rannos

    Rannos Private E-2

    OK, sorry, ignore all the stupid posts. I didn't notice that the log actually posted earlier, and it didn't post the second time I tried, but that is the only one I'm able to get at the moment. The Malwarebytes one finished as well but won't open in regular mode, and I'm having an issue getting it to stay open long enough before the blue screen in safe mode.
     
  8. abri

    abri MajorGeek

    Hi Rannos,

    I suspect that you are not only dealing with malware problems. To begin with let's start here: (you can still do this in safe mode if this is as far as you can get)

    1) Go to add/remove programs and uninstall the below:

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 2
    Java(TM) SE Runtime Environment 6 Update 1
    Viewpoint Media Player


    2) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger
    (don't worry about this if you can't do it)

    3) Next run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    After you click fix, just close HijackThis.

    4) Now run CCleaner at the default setting with the Windows tab as the top one.

    5) Now reboot the computer and see if you can get into normal rather than safe mode. Try running SuperAntispyware or Malwarebytes if either works. Also, see if Combofix will work whether in normal or safe mode.

    6) Then run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip.


    Let me know how things are running now.

    abri
     
  9. Rannos

    Rannos Private E-2

    OK, I got everything but Combofix to run. When I try to run that in normal mode it does nothing; when I try in safe mode it flashes a blue DOS screen that just closes before anything can happen, and then nothing else happens. Here are the logs I could get, however. Oh, and when I ran HijackThis, the O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime line was not on my list of options, but the other ones were.
     


  10. abri

    abri MajorGeek

    Hi Rannos,

    Your friend's computer is not having malware problems that I can see. There are two files which Spybot is set up to delete.

    There are a lot of McAfee programs running and I wonder what would happen if you download a fresh Combofix to the desktop from How to properly run Combofix. Allow it to overwrite the old one or just delete the old one before you install it. See what happens if you disconnect the computer from the internet (physically) and then disable all the McAfee. Can you run Combofix then?

    After you try that, remember to re-enable McAfee's antivirus program before you reconnect to the internet. If possible, leave the other McAfee programs disabled and see how the computer works with just the antivirus program running.

    abri
     
  11. Rannos

    Rannos Private E-2

    OK, so how would I go about fixing it? If you have any hints it would be helpful. I'll go and disable the not-used McAfee things that it will let me, but if it's not malware, does that mean hardware, or are there some other things I can try?
     
  12. abri

    abri MajorGeek

    Hi Rannos,
    I think it's more likely a software problem and that's why I would like to see what happens if you disable all the McAfee except for the antivirus. I would still like to see Combofix run, because it detects some things the others don't.
    abri
     
  13. Rannos

    Rannos Private E-2

    Hey, I wasn't able to disable the McAfee programs. When I try to disable them they load back up in less than 5 minutes. I can turn off part of McAfee through the interface, but it doesn't close any of the processes down that I was able to see with Ctrl+Alt+Delete or that other program that's in Windows to really see what's happening in Windows (can't remember what they call it). But my friend finally remembered today that he did have some new RAM put into his computer about 2 months ago. I went and took that out and I was able to run Combofix afterwards, so here is the log. I'll post if it blue screens on him again, and I will have him watch for what the error is if it happens.
     

    Attached Files: log.txt (11.8 KB)
  14. abri

    abri MajorGeek

    Hi Rannos,

    Removing the RAM was a good idea. He should check for compatibility with the one he already has. Also, if his Limewire is old and he still uses Limewire, he should update to the newest version. The combofix log looks okay. There are two questionable drivers, but the date on them indicates that they have nothing to do with his problems. They are these:

    2006-12-24 20:01 56 --sh--r C:\WINDOWS\system32\481C5D1778.sys
    2007-04-27 10:31 88 --sh--r C:\WINDOWS\system32\78175D1C48.sys

    After you see how the computer is doing, you can also try renaming the above drivers by adding .zzz to the end of each one. This will allow you to check if the computer has problems without them. I don't know what they belong to, but the age of them - Dec. 2006 and Apr. 2007 - makes me think they are not part of the problem he's having.

    Since you have made some progress by working on the hardware, you might find it helpful to start a thread in the hardware forum where you can get more input.

    abri
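
The triage reasoning in the post above (odd driver files, weighed against when the symptoms began) can be run over file-listing lines like this. This is an added example, not part of the thread and not ComboFix's own code; the meaning of the attribute letters, the `TINY` threshold, the third sample line and the symptom start date are assumptions.

```python
import re
from datetime import datetime
from ntpath import basename  # splits Windows paths on any OS

# Constructed input: the two listing lines quoted in the post above,
# plus one made-up ordinary driver entry for contrast.
SAMPLE = r"""
2006-12-24 20:01 56 --sh--r C:\WINDOWS\system32\481C5D1778.sys
2007-04-27 10:31 88 --sh--r C:\WINDOWS\system32\78175D1C48.sys
2008-03-30 09:12 24,576 --a---- C:\WINDOWS\system32\drivers\example.sys
"""
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+([\d,]+)\s+(\S+)\s+(.+)$")
HEX_NAME = re.compile(r"^[0-9A-F]{8,}\.sys$", re.I)
TINY = 512  # assumed threshold in bytes, far below any working driver image

def parse(text):
    """Yield one dict per listing line: timestamp, size, attribute flags, path."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            when, size, attrs, path = m.groups()
            yield {"when": datetime.strptime(when, "%Y-%m-%d %H:%M"),
                   "size": int(size.replace(",", "")),
                   "attrs": set(attrs) - {"-"},
                   "path": path}

def reasons(entry):
    """Return the triage reasons that apply to one parsed entry."""
    out = []
    if {"s", "h"} <= entry["attrs"]:  # assumed: s = system, h = hidden
        out.append("hidden+system")
    if HEX_NAME.match(basename(entry["path"])):
        out.append("hex-only name")
    if entry["path"].lower().endswith(".sys") and entry["size"] < TINY:
        out.append("too small for a driver")
    return out

def triage(text, problems_began):
    """Flagged entries, each marked with whether it predates the symptoms."""
    return [(e["path"], reasons(e), e["when"] < problems_began)
            for e in parse(text) if reasons(e)]

if __name__ == "__main__":
    # Assumed start of symptoms: roughly when the new RAM was installed.
    for path, why, older in triage(SAMPLE, datetime(2008, 2, 1)):
        print(path, why, "predates symptoms" if older else "recent")
```

Both quoted files are flagged on all three heuristics yet predate the symptoms, which matches the post's conclusion that they are worth a look but unlikely to be the cause.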
     
  15. Rannos

    Rannos Private E-2

    Sorry it's taken a few days to post back; we were letting the computer run to see if we had any problems. So far we have had no problems and it is running just like it did before the RAM was put in. I have upgraded his virus and spyware protection, so I think we are good again at the moment. Thanks for all the help again; this is the best site I have found to get help on problems.
     
  16. abri

    abri MajorGeek

    You're welcome Rannos!
    I'm glad that you enjoy and use the site.
    All the best for your further computering endeavors!
    abri
     
