Anti V update / flash / silverlight w/XP lagging

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by bbsnooks, Jan 11, 2014.

  1. bbsnooks

    bbsnooks Private E-2

    Not sure if I have mal-ware or other problems.

    - I didn't write to you first because my password didn't work on Major Geeks < though I was on the "commercial" site and didn't know it > and I couldn't find the forums.. so .. I ran some other programs, Malwarebytes and JetClean - and have spent multiple hours on Microsoft troubleshooting pages..

    I have decided to convert to another computer but would like to keep this one for playing music and DVDs < not surfing, as XP updates will be discontinuing >

    -- I had trouble on your site downloading CC due to a page that was not the CC downloader that kept showing up.. so I went to http://www.piriform.com/ccleaner/ to get it.
    < seems to me .. your pages are so cluttered with adware that it's hard to distinguish what is the recommended item and what is an ad. > jmho

    my current issues are:

    cannot update MSE Microsoft Security Essentials
    - have installed and run AVG and uninstalled after then reinstalled MSE
    and still have same problem < same with Malwarebytes >

    Other problems with Flash and Silverlight in Chrome watching Netflix.

    -- i have read and completed part of the "Read and run First" post in the malware forum
    - run CCleaner and reboot
    - run Rogue Killer have file
    -- Malwarebytes'.. install and ( the last time i ran and fixed.. i got the blue screen of death.) we'll see about today's scan.

    I'm sending this now.. just in case .. with the Rogue Killer log
    ? did it attach.. someone tell me?
    --next TDSSKiller
     


  2. bbsnooks

    bbsnooks Private E-2

    Posting update

    -- i have read and completed part of the "Read and run First" post in the malware forum
    - run CCleaner and reboot
    - run Rogue Killer have file
    -- Malwarebytes'.. install and ( the last time i ran and fixed.. i got the blue screen of death.) we'll see about today's scan. < ok no blue screen>

    --next TDSSKiller is complete with 0 threats
    -- HitmanPro.. however found 1 threat -67 traces - will attach
    --- 5:33pm all attached except MG Tools, and it's been stuck < no mvt > for last 90+ min on < analyse.exe > which came after GetBrSet.bat

    will post this now.. in case blue screen of death returns..

    Thanks for your help..
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!
    You have to click twice on the Accept button to accept the license agreement or else it will just sit there. You may not see the license agreement if you have other windows open due to the fact that it does not pop to the top of any other open window forms. So close or minimize all other windows when running MGtools.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Websites like this cannot run for free. But at any rate the downloads (as explained in the READ & RUN ME FIRST) are always under an icon looking like below with the flashing down arrow.

    [​IMG]
     
  5. bbsnooks

    bbsnooks Private E-2

    Update.. 9:40pm
    Thanks.. it was a hidden confirmation..
    the whole thing ran in less than 5 min I think ..

    I hope.. I can upload the files.. the last time.. ?? it wouldn't take them. ..

    I am still having trouble..
    even seems worse.. this page was... 4 min to open and page down.

    here are the files < I hope>
    i can find 4/ 5 and i'm not sure which one is missing

    it seems the TDSSKiller is in the MGlogs.zip

    and its all my eyes can do for today..
     
  6. bbsnooks

    bbsnooks Private E-2

    in re: to jmho remark..

    you have done a very good detailed job of instructions..
    and they are strict..
    that is why i followed one by one..

    your instructions say

    If you cannot download required programs on the infected PC, download them using another PC and copy them to the infected PC via CD or USB drive.
    Do you want your PC fixed?? If yes then attempt to finish everything requested. Please do not cheat by skipping any steps. Attempt to run ALL steps in the READ & RUN ME. The only steps you should skip are ones that you are blocked from running by your problems.
    You are only hurting yourself and you will waste more time in the long run if you ignore or skip steps.
    and on step 5 < page 1 > it says to download CCleaner..
    with a big green "download here" button.
    -- I erred.. 3 times.. hitting the green button..
    I saw the other one but it was smaller and blinking .. and looked to me like adware.. -- guess the joke was on me..
    < I wasn't laughing.. after a month of trouble and 4 days of serious solution searching. >

    I did see that big green arrow pointing to the download.
    I believe on < page 2.. > was where the hint was, and it was quite some time before I got to page 2 and the "Hint".

    maybe you could add to your instructions..
    )( not the big green arrow that says download.. )(
    )( .. don't look at the man behind the curtain.. ; ) poor attempt at wizard humor

    I am thankful for the help.. and I'm sure I missed something.. if it's on page 1 I sure missed it.. I went back again.. and still didn't find it .. but I'm exhausted..

    still cannot find the other log file
    I have the
    Rkreport
    MGlogs.zip
    MBAM-log
    Hitman pro


    and third try to attach.. they are loading in the manage attachment box .. but have not seen them show up here.
    If you could tell me which one is missing ..
    thanks..
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The green button you refer to is not in the READ & RUN ME. It was present in an advertisement on the CCleaner download page and the advertisement is not labeled CCleaner. It is labeled for whatever the advertisement is at the time. It changes! But quite clearly it is not for CCleaner. However since it confused you, it may confuse others and I added the icon to look for the download locations right by the CCleaner link in the READ & RUN ME.

    Your Malwarebytes log shows that you took no action. You need to fix what it found. Logs need to be saved after fixing as noted in the READ & RUN ME procedure for running Malwarebytes.

    Your logs show that you are using MSconfig to control startups. You should not be using it as a long term startup manager. Your PC should be in normal startup mode. Read this to better understand why not to use MSconfig: Dealing with Startup Process

    Please put your PC in normal startup mode right now.

    You have a bunch of security issues due to not updating software on your PC:
    1. Windows XP SP2 << you need to update to SP3. Support is going away in April. I suggest you update now before you cannot. Are you 100% sure that you will never be connecting this PC to a network?????
    2. MSIE: Internet Explorer v6.00 SP2 - very old and a major security risk, and whether you think you use it or not, your OS does.
    3. FIREFOX: 16.0.2 << Too old and a security risk. Update to current which is 26.0. But in reality, if you are not going to be using this PC for surfing then you should just uninstall Firefox and Chrome. Google puts a bunch of unnecessary processes, services and tasks on a PC. You would be better off without them.

    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
    explorer.exe
     
    :Files
    C:\WINDOWS\Tasks\GoforFilesUpdate.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1972579041-682003330-1004Core.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1972579041-682003330-1004UA.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-1972579041-682003330-1004.job
    C:\Documents and Settings\All Users\Application Data\InstallMate\{9B2C64C4-E1C3-4629-A4C2-A9E140CF4632}\Custom.dll
    C:\Documents and Settings\User\Application Data\AVG2014
    C:\Documents and Settings\User\Application Data\GoforFiles
    C:\Documents and Settings\User\Application Data\SearchProtect
    C:\Documents and Settings\User\Local Settings\Application Data\Avg2014
    C:\Documents and Settings\User\Local Settings\Application Data\Conduit
    C:\Documents and Settings\User\Local Settings\Application Data\Mobogenie
    C:\Documents and Settings\All Users\Application Data\Conduit
    C:\Documents and Settings\All Users\Application Data\InstallMate
    C:\Program Files\Conduit
    C:\Program Files\GoforFiles
    C:\$AVG
    C:\WINDOWS\system32\config\systemprofile\Application Data\AVG2014
    C:\WINDOWS\Temp\*.*
    C:\Documents and Settings\User\Local Settings\TEMP\*.*
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd]
    [-HKEY_USERS\S-1-5-21-1801674531-1972579041-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
    [-HKEY_USERS\S-1-5-21-1801674531-1972579041-682003330-1004\Software\SmartBar]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
      ) and choose Paste.
    • Now click the large [​IMG] button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.TXT log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  8. bbsnooks

    bbsnooks Private E-2

    Thanks Admin..
    Jobs not completed .. snag in several areas
    1) cannot run Malwarebytes, trial is over..

    thanks 4 post on not using msconfig to lessen startup items.. <my bad, just hate lots of unnecessary startups when reboot> I have re-enabled that.

    I was able 2 upD IE8 - <not a fan of IE as you can see only use as back up>

    I have MS auto update on already .. however is not working
    and cannot manually up date either

    .. during new IE8 and received error during installation
    error leading c:\Documents and settings \ user\application\newnext.me\newengine.dll
    it started up and i have been using that for update sp2 - 3
    still having trouble . below link gets error
    http://windowsupdate.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
    [Error number: 0x80244019]
    The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.
    For self-help options:
    -
    I then went to http://support.microsoft.com/gp/windows-update-issues/en-us
    and tried/failed to use the fixit for me. below is what it says in properties
    WindowsUpdateDiagnostic[1] (1).diagcab 274kb
    it is not working for me..

    MS Security Essentials has been able to up date since last post
    several scans show no problem.. last full scan yesterday.. doing one right now.

    - good news .. no more blue screen
    - still slow surfing and lag in letters while typing or switching tabs.

    summary.. will keep trying to update sp3.. till i hear from you
    ? is there an alternative to Malwarebytes that I can use on a trial basis
    maybe I had used that before and that is why the log shows no action.
    although while reading ( read first.. it said remove any excess programs.. and that may have been one of them I deleted)

    I know this computer can run faster.. just around New Year's ( I was already having trouble for some time) I used the computer in the morning .. with all windows open and running Netflix or YouTube one.. and it ran like it was brand new.. for 15 min. then when I returned.. it was back to slow.

    that's all for now.. any ideas on sp3 update issue?
     
  9. bbsnooks

    bbsnooks Private E-2

    Thanks Admin..
    ideas on sp3 update issue?

    i found this link about the error message on update ? should i try that?
    http://answers.microsoft.com/en-us/...ling-sp3/20345649-c6f1-4f24-a427-e79a6682ba2a

    have updated FF and IE to latest versions
    after reboot still getting DLL error newnext.me\nengine.dll
    it appears to be a new listing in startup config.
    Now every thing is checked on startup- however not taking too long to load at startup.
     
    Last edited: Jan 16, 2014
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please skip the update to SP3 for now and complete the rest of the instructions I gave you and attach the new logs.

    All the questions/problems posted in your last message are not topics for the malware forum. They belong in the Software Forum.

    Note: Malwarebytes is always free to use. Only your trial for the pro version ended. And I did not ask you to run Malwarebytes in my last message anyway.
     
  11. bbsnooks

    bbsnooks Private E-2

    I believe i have the 3 files up loaded.
    will reboot and try surfing now and notify in a while about how it is working.
     


  12. bbsnooks

    bbsnooks Private E-2

    there was an error during the last scan
    app failed to initialize properly
    Oxc0000135 click Ok to terminate
    so i did
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay your logs are clean. Are you having any malware problems? Slowness is not due to malware. It is due to PC specs ( slow, old PC and inadequate memory ) and what you are running. You need to triple your memory from 1 GB to 3 GB.

    The error you mentioned about newengine.dll is due to some junk you installed. I see the below in your startup processes:

    O4 - HKCU\..\Run: [NextLive] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\User\Application Data\newnext.me\nengine.dll",EntryPoint -m l
     
  14. bbsnooks

    bbsnooks Private E-2

    thanks.. for id'ing the junk..

    1) I'd like to ask best way to halt start up items that i dont need..
    I had used msconfig (you corrected me on that) and want to know if there is another way? to halt unwanted start up items.

    2) where should i post on this problem. I still cannot update to sp3 .
    i have auto update selected for 6pm every day.

    in IE @ the update page i get [Error number: 0x80244019]
    The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.
    Microsoft Online Assisted Support (no-cost for Windows Update issues)

    i spent some time w/Victor on support yesterday but the free turned into not so free.
    he said i had corrupt files or virus.. and wanted 100$ to run their 'Advanced software".

    similar experience at HP..

    All the virus scan's have been negative.. but ? I dont know about corrupt files. I would like to get auto update working.. Is there a better forum for that ?

    3) should i run any of the programs we used again. I think some of them found errors but we did not select to fix them. your recommendations appreciated.
    going to check Malwarebytes one more time, forgot to check that before writing this

    report on how its running..
    I have up graded internet service.. and may be able to upgrade ram next week.
    however still have "issue" with sp3 updates and/ netflix and not being able to go forward or back in time while watching movie .. still wrap's up all resources and no one from netflix or ISp can find a reason.. I try using the close window x or task manager if i can. some times i have used the "hard shut off" to remedy the problem.. could i have damaged some thing doing that.
    thanks for your help.
    bbsnooks
     
    Last edited: Jan 25, 2014
  15. bbsnooks

    bbsnooks Private E-2

    Update'
    latest MWB scan results found 15 items log attached
    .. no action taken

    Forgot to mention that i tried Mr Fixit on several items.. over the week
    ( w/ netflix and Microsoft.. ) and it could not run.. either Mr Fixit
    error said something about update to sp3 and net?some thing? Framework 2
    sorry should have written it down.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Victor who? From where?

    Try just downloading the full Windows XP SP3 installation file from the below link:

    http://www.majorgeeks.com/files/details/microsoft_windows_xp_service_pack_3.html


    See the download links under this icon [​IMG]

    You do not need to run anything again. They were not problems which is why we do not have you do anything with them. ;)


    Wait until you have more memory and SP3 installed
     
    Last edited: Jan 25, 2014
  17. bbsnooks

    bbsnooks Private E-2

    Further explanation.
    I tried getting support from Netflix <can't rewind video w/o winding up all system resources, and computer doesn't really crash.. but it seems to be in an epileptic fit that doesn't end.> So I was searching solutions w/Google and found a similar case and then I found the "Chat" option at Netflix. After a chat then 3 phone calls..
    we reinstalled Silverlight 3 times.. I had put an older version on but it's at latest version.. we tried using a Mr Fixit to check Silverlight but it didn't work. and multiple unsuccessful remedies. after 1 chat and 3 phone calls they suggested HP Tech support.
    -- someone in the background at Netflix support said I had an IP issue - but that didn't make sense to me.. < I had just got back home with a different router/modem with faster download > they set it up at the Provider office and it appeared to be working fine to check web pages but still had the issue with not being able to go back <or forward> in the movie without the "problem" happening. I don't know what the tech guy at Netflix was seeing.. but said something about not recognizing the IP address.
    anyhow they had exhausted their list of solutions and sent me on to HP .. which led me also to Microsoft.
    the folks at Netflix had a phone # for HP and I tried it.. and I also tried the chat at Microsoft < Victor was at the chat option for update problems at Microsoft > and both of them tried a Mr Fixit and a bit more and concluded that I needed to $$$ for their special software check up.. Victor was with Microsoft ..
    < and that's the short version>

    After that i talked to the Internet Service provider Tech man "Russ" and he cant see any thing wrong on the ip issue the Netflix person mentioned. however.. Russ may have some Ram that i can get to up the memory for this computer. AHH!

    I'm going to download / run the sp3 update you gave me.. thanks..for that.
    will post any success.
    the good news is not Blue screen
    and she still opens and runs.. hopefully sp3 download will work
     
  18. bbsnooks

    bbsnooks Private E-2

    wow.. not ready to say Victory! just yet..
    however success in download and install sp3 file you gave me.

    I was able to download and install and reboot
    Opened IE and went to windows download page
    able to install new downloader
    checked for up dates and downloaded and installed 130 updates.
    reboot and recheck windows update page and it just spins there
    not an error like I used to get but the tracking bar is in a continuous loop searching my computer for information to see what updates are necessary.

    so I rebooted 3 times.. same scenario.
    also.. still have issue with auto start up programs
    especially Carbonite preinstaller- there is a free trial with online back op of files that i may want to use some time.. but i dont need the darn thing on auto startup. It seems to be on a delay and just when i'm working on some thing it will initialize maybe in the background.. because things get really slow.. but the icon in the bottom of the screen < that says which windows or software is running> does not immediatly show up.. it takes ? minutes? and then when i see it .. ah ha! that's the trouble -

    - so today I turn on task manager and watch and it sends the system resources to 99% and I close it down once with the "X" and again with the right click close with the mouse.

    while watching the Task Mgr.. the sys resources hang at 99% or 100 and its an svchost.exe that is using the 99%

    This is why i was using the msconfig to alter the startup..

    I could use another solution..

    -- so.. after running ie and chrome for short while.. it was slow as molasses.
    could not open new tabs.. had trouble playing video on IE what's new page sound was choppy.. it was choppy last night also..

    i rebooted and just opened chrome and was able to get to this page and make this note.

    I'm curious why.. after the install link and update to sp3 ( verified by system properties) that going back to the windows update page.. doesn't seem to work properly. Just glad I was able to get the updates to do it once.


    I will post more after getting to use internet .. and will check back to see if you have any suggestions..
     
  19. bbsnooks

    bbsnooks Private E-2

    report on watching netflix..
    Yesterday was worse than ever after all the "tech support" with
    Netflix - Joya
    HP ?
    Microsoft "Victor"
    and my ISP "russ"

    so this am after 3 reboots
    I start watching netflix
    I found the Carbonite installer and used task Mgr to end process.
    chrome usage on Netflix is running 52% to 75%
    and video is running < except when going back on play back.> that still gives the svchost 99-100%

    I'm tempted to call Netflix again .. < glutton for punishment >
    and see if that IP connection issue is still there.. on their end.

    the Major improvement is that now.. i dont need Closed Caption to understand what 's in the movie. the words and sound are in sync
    -- oops. . that is no longer true..

    after 4 min of playing movie - video tends to lag behind words and much delay in response to "pause"

    pre November 2013 it would just pause movie.. and Rebuffer and i could move forward and back in a show with just 10-20 sec of rebuffering < this was on a mifi type of internet connection on an admittedly old insufficient ram laptop computer ... post November its different.

    do you think its time to try some thing else.. a mr fixit/ silverlight?

    waiting for instructions
     
    Last edited: Jan 26, 2014
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please post in the Software Forum. None of what you are mentioning are topics for the Malware Forum. Even the link I gave you for XP SP3 is something that really should have been in the Software Forum. My only last comment is one stated several times, and that is, you need to add more memory. Other than that we are really finished in this forum. I will take a quick look at one more log from MGtools though just to check status on SP3 and other items.

    Run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\MGlogs.zip
     
  21. bbsnooks

    bbsnooks Private E-2

    Thanks again for your help..
    MG tools zip is done..
    will post other in software forum.
     


  22. bbsnooks

    bbsnooks Private E-2

    Additional ? after you review mgtools file.

    ? MalwareBites is still on auto startup ..
    does that conflict with MS Security Essentials?

    should i leave it on and running ?
    thx
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have the paid version of Malwarebytes, it does not interfere. And if you have the free version, it provides no protection so it would not interfere anyway. It loads a service at startup so that any users of the PC whether an admin level or a restricted user, can still run the program and get updates too.

    You can try the below to see if it helps with your performance:


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [Google+ Auto Backup] "C:\Program Files\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [f.lux] "C:\Documents and Settings\User\Local Settings\Application Data\FluxSoftware\Flux\flux.exe" /noshow
    O4 - HKCU\..\Run: [Device Doctor] C:\Program Files\Device Doctor\DDLauncher.exe
    O4 - HKCU\..\Run: [NextLive] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\User\Application Data\newnext.me\nengine.dll",EntryPoint -m l
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    After clicking Fix, exit HJT.

    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
    explorer.exe
    
    :Services
    gupdate
    gupdatem
    gusvc
     
    :Files
    C:\Documents and Settings\User\Application Data\newnext.me
    C:\Program Files\AVG
    C:\Documents and Settings\User\Local Settings\Application Data\Mobogenie
    C:\Documents and Settings\All Users\Application Data\Conduit
    C:\Documents and Settings\All Users\Application Data\SearchNewTab
    C:\Documents and Settings\User\My Documents\Mobogenie
    C:\Program Files\Mobogenie
    C:\WINDOWS\Temp\*.*
    C:\Documents and Settings\User\Local Settings\TEMP\*.*  
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
      ) and choose Paste.
    • Now click the large [​IMG] button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
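
Added example, not part of the original thread and not MajorGeeks or HijackThis code: a Python script that parses the HijackThis O4 (autostart) lines quoted in the posts above and marks an entry for review when rundll32 loads a DLL or when the code it starts lives under a profile data directory, as the NextLive entry does. The directory markers, reason labels and function names are assumptions chosen for this illustration.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis output quoted in this thread (subset).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
O4 - HKCU\..\Run: [f.lux] "C:\Documents and Settings\User\Local Settings\Application Data\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Device Doctor] C:\Program Files\Device Doctor\DDLauncher.exe
O4 - HKCU\..\Run: [NextLive] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\User\Application Data\newnext.me\nengine.dll",EntryPoint -m l
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
'''

# Assumed XP-era markers for directories a non-admin user can write to.
PROFILE_MARKERS = ("\\application data\\", "\\applic~1\\", "\\local settings\\",
                   "\\temp\\", "%appdata%", "%temp%", "%userprofile%")

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
USER_NOTE_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")   # HijackThis annotation
EXT_RE = re.compile(r'\.(?:exe|dll|com|bat|cmd|scr)(?=[\s,"]|$)', re.I)


class Entry(NamedTuple):
    key: str        # registry key as abbreviated by HijackThis
    name: str       # Run value name
    launcher: str   # program the Run value starts
    target: str     # code that actually runs (the DLL when launcher is rundll32)
    reasons: List[str]


def split_path(cmd: str):
    """Return (path, rest) for a command line whose path may be unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:]
    m = EXT_RE.search(cmd)
    if m:  # unquoted path containing spaces, e.g. C:\Program Files\x\y.exe
        return cmd[:m.end()], cmd[m.end():]
    head, _, rest = cmd.partition(" ")
    return head, rest


def parse_o4(log: str) -> List[Entry]:
    """Parse registry Run entries from the O4 section and attach review reasons."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # other sections (O23 etc.) and Startup-folder items
        cmd = USER_NOTE_RE.sub("", m.group("cmd"))
        launcher, rest = split_path(cmd)
        target, reasons = launcher, []
        base = launcher.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if base in ("rundll32.exe", "rundll32"):
            dll, _ = split_path(rest)
            if dll:
                target = dll  # judge the DLL, not the signed system launcher
                reasons.append("rundll32-loads-dll")
        if any(mark in target.lower() for mark in PROFILE_MARKERS):
            reasons.append("target-in-profile-data")
        entries.append(Entry(m.group("key"), m.group("name"),
                             launcher, target, reasons))
    return entries


def needs_review(log: str) -> dict:
    """Map Run value name -> reasons, for entries with at least one reason."""
    return {e.name: e.reasons for e in parse_o4(log) if e.reasons}


if __name__ == "__main__":
    for name, reasons in needs_review(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```

The f.lux entry is also marked because it is installed per-user under Local Settings, so the output is a review list for an analyst rather than a verdict.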
     
  24. bbsnooks

    bbsnooks Private E-2

    Great! "start up" clean up.

    2 logs included -
    won't have time to check out running today or tomorrow.. will report that later. ( tho.. boot time seems to have increased .. I didn't time it to compare tho.. not worried about it .. just noticed the change)

    ... only one left at startup is the Malwarebytes that starts up.. and reminds me it's out of date for professional and please purchase....
    < I could uninstall but may be nice to have in future.. I'm just trying to eliminate the RAM users that are unnecessary .. will take up in software forum >

    I had some kind of AVG toolbar thing take over my Chrome home page - don't know where that came from ... I'm usually diligent about taking the check out of the box / or turning off extra program installation software.. and not doing express installs .. but something got through. I may have caught it in the MGtools scan

    I've been trying to do driver updated from HP.. <unsuccessful>.. their auto recognize .. does not know my machine. ( i'm not informed to do driver updates w/out help) but that may be where the toolbar junk came from.

    I still have trouble shutting down.. from internet. I have been watching Task Mgr for different / new items.. i found some thing and googled it.. some think it may be trouble <below>

    https://www.google.com/search?q=scheduled+task+unknown+AT1.job&oq=scheduled+task+unknown+AT1.job&aqs=chrome..69i57.35566j0j4&sourceid=chrome&espv=210&es_sm=122&ie=UTF-8

    It is scheduled to run
    every 1 hour from 1:08pm for 24 hours every day - starting 1/22/2014


    what do you think?
    I found it in Scheduled Tasks. properties <control panel>
    checking its properties shows

    c:\WINDOWS\Tasks\At1.job
    Run: er\applic~1\DIGITA~1\UPDATE~1\UPDATE~1.EXE
    Created by NetScheduleJobAdd.
    Run as: NT AUTHORITY\SYSTEM

    all the options to change are greyed out..
    I did not knowingly put this on..

    that's all for now...
     
  25. bbsnooks

    bbsnooks Private E-2

    Something strange now..
    for 2 days a page has appeared that I didn't think I opened..
    yesterday I didn't write it down..
    today

    .. http://static.thehumanallegiance.co...A08&pu=&s=D-chrome&nm=ilmernzkvtaztusn&t=&r=1

    shows up.. and says my Chrome is out of date.. and I need to update..
    and it fails the virus scan.. < good to know it's working>
    I try to shut down the page..
    can't shut it down.. the page now says my Java is out of date,

    that along with the previous At1.job in the task scheduler..
    could that be like a type of malware ?
     
  26. bbsnooks

    bbsnooks Private E-2

    I would like to answer your ?? of how's it running now

    Since my last post .. I went to download latest Chrome version.. from Chrome home page was able to install .. and when opening.. the ? skin? I think that's what it's called. returned to the Black I had set it at.

    I totally shut down Chrome and restarted from desktop icon.. and when opened the skin was the blue color..

    I had set it to black some time before contacting this forum.. and had forgotten .. and didn't recognize .. that for some time the color had changed to blue..

    also when opened from desktop icon a system warning sound w/ a pop up saying
    An administrator has installed Google Chrome on this system, and it is available for all users. the system-level Google chrome will replace your user level installation now.

    the above seems really strange to me.
    so i close out chrome.. and open Firefox
    and
    MYsearch is the first pg to open.. with 2 more tabs that say another program would like to modify Firefox
    1) netframwork assistant 0.0.0
    2) agvsafegardtoolbar

    ----
    so.. I'm able to browse the internet.. - and seems it's still got
    issues with my search / and toolbar jackers
    --
    the way it's going this am.. I'm afraid to open IE.. it might have something too.

    will wait for your reply
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You can delete the below file:

    C:\WINDOWS\Tasks\At1.job


    You need to attach the followup logs that I requested in my last message. And since you are now giving information on potentially new problems, you need to rerun the C:\MGtools\GetLogs.bat program first and then attach the previous log from OTM and the new MGlogs.zip
     
  28. bbsnooks

    bbsnooks Private E-2

    Sorry about the logs not showing up on post #24. I thought they attached; will try again this post with new logs.

    I think I see where I erred - failure to hit upload..
    it shows attached files.. now

    deleted At1.job from C:
     

    Last edited: Jan 31, 2014
  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That is not a new MGlogs.zip file. You need to run the steps as stated in my last fix to create a new file and attach it.
     
  30. bbsnooks

    bbsnooks Private E-2

    uploaded files.. hope i got it right this time.

    I'm not able to up the RAM.. apparently it's got the max RAM this can go to.
    had an online chat w/ memoryStock.com that sells RAM.. he asked for serial# and said the max on this model is 1G and I think that is what's on it.

    would it do any good to get replacement memory?
     

  31. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Nope. So you will have to live with your poor performance until you purchase a newer/faster PC.

    I still see some left over junk from AVG that needs to be cleaned up.


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
    O4 - HKUS\S-1-5-18\..\Run: [DriverUpdate] "C:\Program Files\DriverUpdate\DriverUpdate.exe" -boot (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DriverUpdate] "C:\Program Files\DriverUpdate\DriverUpdate.exe" -boot (User 'Default user')
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
    O23 - Service: vToolbarUpdater17.3.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe

    After clicking Fix, exit HJT.

    Now uninstall the below:
    AVG SafeGuard toolbar

    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
    
    :Services
    vToolbarUpdater17.3.0
     
    :Files
    C:\Program Files\Common Files\AVG Secure Search
    C:\Program Files\AVG SafeGuard toolbar
    C:\Program Files\Mobogenie
    C:\Documents and Settings\User\Application Data\AVG SafeGuard toolbar
    C:\Documents and Settings\User\Local Settings\Application Data\AVG SafeGuard toolbar
    C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
    C:\Documents and Settings\All Users\Application Data\McAfee
    C:\WINDOWS\Temp\*.*
    C:\Documents and Settings\User\Local Settings\Temp\*.*
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
    "mobilegeni daemon"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DriverUpdate"=-
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large [​IMG] button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
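
The cross-check below is an added example, not part of the thread and not MGtools, HijackThis or OTM code: a Python script that parses the HijackThis lines and an excerpt of the OTM script from post 31 and reports, for each flagged entry, whether its file sits under a folder listed in :Files and whether its Run value or service is named in the script. The function names and result layout are this example's own; it relies on HKEY_USERS\.DEFAULT being the LocalSystem hive, the same key as S-1-5-18.

```python
import re

# Excerpts copied from post 31 above: the HijackThis lines and the OTM script items that name programs.
HJT = r"""O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
O4 - HKUS\S-1-5-18\..\Run: [DriverUpdate] "C:\Program Files\DriverUpdate\DriverUpdate.exe" -boot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DriverUpdate] "C:\Program Files\DriverUpdate\DriverUpdate.exe" -boot (User 'Default user')
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
O23 - Service: vToolbarUpdater17.3.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe"""
OTM = r""":Services
vToolbarUpdater17.3.0
:Files
C:\Program Files\Common Files\AVG Secure Search
C:\Program Files\Mobogenie
:Reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"mobilegeni daemon"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DriverUpdate"=-"""
# HKU\.DEFAULT is the LocalSystem hive, the same key as HKU\S-1-5-18, so both map to one name.
HIVES = {"hklm": "HKLM", "hkey_local_machine": "HKLM", "hkus\\s-1-5-18": "SYSTEM", "hkus\\.default": "SYSTEM", "hkey_users\\.default": "SYSTEM"}
RUN_KEY = re.compile(r"^\[(.+)\\software\\microsoft\\windows\\currentversion\\run\]$", re.I)

def parse_otm(script):
    """Return ({section: [lowercased items]}, {(hive, run value name)}) from an OTM script."""
    sections, run_values, hive = {}, set(), None
    for line in script.splitlines():
        if line.startswith(":"):                 # section header such as :Files
            current = sections.setdefault(line, [])
        elif RUN_KEY.match(line):                # [hive\...\Run] key header inside :Reg
            hive = HIVES[RUN_KEY.match(line).group(1).lower()]
        elif line.endswith("=-"):                # "name"=- deletes that value
            run_values.add((hive, line[:-2].strip('"').lower()))
        else:
            current.append(line.lower())
    return sections, run_values

def coverage(hjt=HJT, otm=OTM):
    """Yield (type, name, file under a :Files folder?, entry named in the script?) per line."""
    sections, run_values = parse_otm(otm)
    for line in hjt.splitlines():
        kind, detail = line.split(" - ")[:2]
        path = re.search(r"[a-z]:\\.+\.(?:exe|dll)", line, re.I).group(0).lower()
        moved = any(path.startswith(f + "\\") for f in sections[":Files"])
        if kind == "O4":                         # autorun: compare hive + value name
            hive, name = re.match(r"(.+)\\\.\.\\Run: \[(.+?)\]", detail).groups()
            named = (HIVES[hive.lower()], name.lower()) in run_values
        else:                                    # O18 / O23 lines read "Type: name"
            name = detail.split(": ", 1)[1]
            named = name.lower() in sections[":Services"] if kind == "O23" else None
        yield kind, name, moved, named
```

The two DriverUpdate rows resolve to the same Run value, which is why one :Reg entry under .DEFAULT covers both; their third column is False because C:\Program Files\DriverUpdate is not among the script's :Files folders.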
     
