please help. (log files included)

hi guys, I need some help with a friends laptop.

Its running very slowly (eg taks a few minutes to start up firefox) and it was displaying porn popups (which I think ive removed by installing nod32)

Only two of the programs in the FAQ found anything (logs attached)

thanks for any help

 

Hi me_uk,
Welcome to Major Geeks!

Please do the following:

1) Go to add/remove programs and uninstall the below:

- Viewpoint Media Player

2) Go to Windows Explorer and delete the below:
C:\smp.bat

3) Install the current version of Sun Java from: Sun Java Runtime Environment

4) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


5) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: FLW Viewer - {1CF50F68-ECAD-45C6-AFC1-B5DC4B95B15E} - (no file)

After you click fix, just close hijackthis.


6) Now run CCleaner at the default setting with the Windows tab as the top one.

7) Your HijackThis log isn't complete because you didn't put your computer into normal startup mode. Please go to Start / Run and type in msconfig and click on ok. In the box that opens up check the option that says normal system start, click on accept and ok.

Then run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip.


Let me know how things are running now?

abri

 

thank you so much for your help

I did what you said and there is a definate improvement, but things are still running quite laggy. (such as the start menu and loading of programs) Is there anything else I can do?

thanks

 

Hi me_uk,

The logs you've given me are clean. You can still do some alternate scans if you'd like and I can look at those logs as well. On which is very thorough is the BitDefender online scan which can only be run with Internet Explorer and with Active X enabled. To run that scan, please go to Running BitDefender Online Scan .

Also, I wanted to ask if you have XP home or pro? The Norton Security Scan is not listed as being supported for XP home. If you're not using this, you may want to go to add/remove programs and remove this.

Also, if you installed Nod32, you may be feeling some of the effects of having a resident antivirus program. If it is set to scanning in the background, this can lead to sluggishness and you may want to check the settings there.

Let me know if any of the above gives you more information.
abri

 

thanks for the reply

i removed the norton program


the online scan found a few problems (attached .txt file)
Any ideas?

 

Hi me_uk

Please run this:
ViewpointKiller

After you do the above, please install the current version of Sun Java from: Sun Java Runtime Environment

Let me know if Viewpoint Killer gets rid of the entry for Viewpoint Media Player in add/remove programs.

Thanks.
abri

 

ive attached the log I cant see an entry for it in add/remove programs.

Are there any other scans I can show you to check for problems? Because the laptop is still running pretty slow

 

Hi me_uk,
I think the problem may lie in your startup and service items. What I got for a listing from your first hijackthis scan (part of the MgTools) and from your first Combofix log was the set of programs in the first box below.(only for explanation! Don't delete anything in the boxes!) When I had you reset msconfig, I got the programs in the bottom box below. Have you installed or uninstalled any programs in between these two times or is there a piece of software which is specifically designed for managing the startup items installed on this computer? In any case, at the very bottom of this post, I'm giving you some instructions to remove some of these entries and then I will ask you to rerun the MGTools so I can look at an updated HijackThis.

1) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

After you click fix, just close hijackthis.

2) Now run CCleaner at the default setting with the Windows tab as the top one.

3) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip.


Let me know how things are running now?

abri

 

yeah I have disabled all of the unnecessary startup programs


ive attached the new log

can you spot any other problems?

thanks

 

update: things are still running very slow.

Firefox just took 40 seconds to load for example

 

Hi me_uk,
I hear ya, just don't yet have an answer to give you. Thanks for your patience.

abri

 

oh thanks mate

Ill check back in a day or two

 

Hi me_uk,

How does your computer work in safemode? Do you have safemode with networking where you can test your browser?

Please go to How to Protect Yourself from Malware and download an installation program for one of the free resident antivirus programs. Don't install it just yet, but put it somewhere where you can find it later. Then disconnect your computer from the internet physically. Uninstall your copy of Nod32 as the problem may lie in the particular version you're using. Then install the new free program (I think there are three of them to choose from and they're all excellent). Reconnect your computer to the internet and download the updates. Then run a full system scan.

Attach the results with your next post along with answers to the above questions. It may still be necessary to run an online scan, but let's see what this brings first.

Thanks.
abri

 

thanks for the reply

my friend has had her laptop back now, but ill get it back off her in a few weeks

So i'll reply in a few weeks time

thanks for all your help

 

You're welcome.
Be sure she uninstalls the Nod32 patch as well. Otherwise you won't know if it made a difference or not.
abri