Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Gateway Laptop Seeking A New Lease On Life. Can You Help Me? [Solved]


  • Please log in to reply

#46
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisements


#47
Sinking Fast

Sinking Fast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Hi Gringo,

Thanks for re-opening my topic, and I hope you had a good Easter.

I just completed your 3/27 post (i.e., delfile.bat creation) suggested by the ESET scan. It worked as you indicated.

The IE browser (#8) continues to be an issue, and I've reset it at least 4 times today. It does okay for a little while, then it starts acting up again (i.e., freezing, pages taking a long time to load, just to name two). Any further thoughts on how to resolve before we close out this topic?

I don't have these issues with Mozilla Firefox, which I am using now.

Please advise. Thanks.




.
  • 0

#48
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Try post 35 and see if it helps again
  • 0

#49
Sinking Fast

Sinking Fast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Hi Gringo,

Okay, I believe the IE browser issues are resolved or at least working better for now. I repeated posts #33 and #35 a few times and "enabled all the add ons". So far so go.

If the issues re-occur, I may try a browser uninstall and reinstall routine next. I saw the instructions in the Microsoft Support Center; they look pretty simple. Perhaps this would also address the reason why I continue to get a request to set up an IE #8 browser; it's as if the Gateway does not recognize that I am currently using IE#8. Go figure!!!


Incidentally, lately on two occasions, I received the following dialogue box message after Windows load. I don't recall ever seeing it before. Is there a need for concern?

Data Execution Prevention - Microsoft Windows
To help protect your computer, Windows has closed this program
"Generic Host Process for Win32 Services"


  • 0

#50
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
if they keep happening then I might be concerned and rerun our tools


gringo
  • 0

#51
Sinking Fast

Sinking Fast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Good morning Gringo,


The dialogue message "Generic Host....appeared on 4/1 and 4/2 but no appearance today yet. But then again, the day is still early.

Okay so what do I do in the interim? Do I remain in an "open status" on this Forum for a bit longer and report back when it happens for further action? Or do I start the clean-up process that you advised in Post # 43? and return to the Forum at a later time, if need be?


Update: the IE browser #8 is beginning to act "silly" again, loading pages and delayed responding, but I can live with it for now. If it becomes intolerable as before, I will either do: 1)a browser un-install and re-install as mentioned in my last post; or 2)upgrade to a higher IE browser like #9 or something. Can you give me an opinion as to which option would be best for my Win XP home system?

Looking forward to your recommendations and my next steps. Thanks.
  • 0

#52
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


go ahead and start the cleanup process (I will download more tools if needed) and let me know if things get worse



IE 8 is as far as you can go with XP


That is why firefox and chrome are sometimes a better choice
  • 0

#53
Sinking Fast

Sinking Fast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Hello Gringo,

Thanks for your earlier feedback and I've done the clean-up as per Post #43. I don't know if this is common and/or insignificant but here are some observations.

When the Combofix was un-installing, it stopped and told me two things (as it did during the installation): 1) there was a newer version (Post #12) and 2) that I had AVG Anti Virus 2011 installed on the system with the usual warning about duplicate anti-virus programs, etc., (Post # 14).

I was surprise to see a continued reference to AVG. More importantly, I don't have AVG and haven't had it since I got a major infection with a fake "AVG" several years ago. (See Post #1 / Background Section, just before the OTL logfile). Also, AVG does not show up in my Windows Programs or under Revo Uninstaller.

Also, I ran CCleaner and noticed the following in the report: Utilities: AVG AntiVirus 10.0 removed 3,001 KB, 4 files. So could this be what Combofix was referrring to during its un-installation?

Need I say, all is very confusing to me, but I'm certain you can make sense out of all of this....

Update: This afternoon, another appearence of the warning message from Data Execution Prevention about closing / "Generic Host Process for Win 32 Services" , 3rd time since 4/1 (Post #49). I've attached a screen shot for you to see exactly what I'm talking about. Hope you can see it as I'm not too good at doing screen shots.

Let me know your thoughts on all before we conclude here. I will be guided accordingly. Thanks.
  • 0

#54
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Sinking Fast

It is windows telling combofix that it was still installed - windows can be not so smart sometimes

when you installed AVG - AVG told windows that Hey I am your antivirus now but when you uninstalled it it did not tell windows so windows still thinks it is still there

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

When you are complete please send me both reports

Gringo
  • 0

#55
Sinking Fast

Sinking Fast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Gringo,

Okay, below are the two reports (Junkware Removal Tool and aswMBR)you requested.

Now I'm curious about something; so is the "Data Execution.....Generic Host...." message (a copy sent by attachment, Post #53), Windows way of talking about remnants of the old AVG software as well? Or is this a separate and distinct issue from Combofix's warning about AVG?

This stuff is indeed a foreign language, and being a poor student of languages, I have nothing but admiration for people that master and excel at this stuff! :thumbsup:



Junkware Removal Tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.1 (04.03.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on Wed 04/03/2013 at 22:23:08.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4054337592-158427668-1569766415-1003\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\WINDOWS\tasks\ISP signup reminder 1.job
Successfully deleted: [File] C:\WINDOWS\tasks\ISP signup reminder 2.job
Successfully deleted: [File] C:\WINDOWS\tasks\ISP signup reminder 3.job
Successfully deleted: [File] "C:\Documents and Settings\Owner\desktop\play games.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\bigfix"



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\65ytao2x.default\prefs.js

user_pref("browser.newtabpage.blocked", "{\"h5Jj4nfVZlB2K6EZmRLg9Q==\":1,\"SLrN9KJv2GWHRzPbY7GQeQ==\":1,\"rRj/Ua80HAr/8seLzNjCVA==\":1,\"EyUm8cLkbjGnG1nKDAcqbA==\":1,\"kOv/JJA
Emptied folder: C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\65ytao2x.default\minidumps [8 files]




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/03/2013 at 22:29:22.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



aswMBR:


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-03 22:58:41
-----------------------------
22:58:41.406 OS Version: Windows 5.1.2600 Service Pack 3
22:58:41.406 Number of processors: 1 586 0x2402
22:58:41.406 ComputerName: CLAUDE-LAPTOP UserName: Owner
22:58:43.375 Initialize success
23:08:36.078 AVAST engine defs: 13040301
23:09:31.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:09:31.593 Disk 0 Vendor: HTS541060G9AT00 MB3VA60A Size: 57231MB BusType: 3
23:09:31.921 Disk 0 MBR read successfully
23:09:31.921 Disk 0 MBR scan
23:09:32.390 Disk 0 unknown MBR code
23:09:32.421 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 52713 MB offset 9237375
23:09:32.625 Disk 0 Partition 2 00 0B FAT32 RECOVERY 4510 MB offset 63
23:09:32.781 Disk 0 scanning sectors +117194175
23:09:33.390 Disk 0 scanning C:\WINDOWS\system32\drivers
23:09:56.468 Service scanning
23:10:44.781 Modules scanning
23:11:18.906 Disk 0 trace - called modules:
23:11:18.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:11:19.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fde030]
23:11:19.046 3 CLASSPNP.SYS[f8687fd7] -> nt!IofCallDriver -> \Device\0000009d[0x82f1b9e8]
23:11:19.046 5 ACPI.sys[f847e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fde940]
23:11:21.500 AVAST engine scan C:\WINDOWS
23:11:29.265 AVAST engine scan C:\WINDOWS\system32
23:14:41.562 AVAST engine scan C:\WINDOWS\system32\drivers
23:15:00.218 AVAST engine scan C:\Documents and Settings\Owner
23:19:27.406 AVAST engine scan C:\Documents and Settings\All Users
23:20:55.265 Scan finished successfully
23:21:35.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
23:21:35.218 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
  • 0

Advertisements


#56
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
it is something different and how are things doing now



gringo
  • 0

#57
Sinking Fast

Sinking Fast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
For the most part, all's well, and I did notice, especially after removing your tools and running CCleaner, that the machine started loading webpages quicker. Overall, everything is greatly improved over where I started and especially in comparison to last week's regression, with the IE browser; so I would say we've made great progress. :)


The only new oddity is the "Generic Host ...." message. But honestly I don't know if it is creating a problem somewhere in the background or not, especially since I don't know what it means. I'll leave that up to you to decide whether it needs to be addressed. Thus far, I've gotten a daily message since 4/1/13.

Did the new reports tell you anything of interest?

By the way, you never told me the cause of my computer issues. So, what / who can I put the blame on? Virus, spyware, malware, inept owner or what?
  • 0

#58
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Go to Start - Run, and type the following (Enter after):

chkdsk /r

It will likely find volumes in use and ask if you want it to run on reboot - select Y for yes, then reboot. This will scan for files as well a locate and repair bad sectors of the disk.

Go ahead and reboot, and let Check Disk run at startup and see if it locates and fixes problem areas.

Check for improvement after that.
  • 0

#59
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

#60
Sinking Fast

Sinking Fast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Hi Gringo,

Thanks for checking in with me and I'm sorry that I didn't respond back. However, I ran the "chkdsk" (Post # 58) on 4/4, and monitored daily. So far I have not received another "Data Execution ...Generic Host" message. :thumbsup:


Laptop Update: One day the laptop is breezing through webpages, especially after running CCleaner, and the next day it just wants to nap and /or open multiple pages. Even Mozilla Firefox is beginning to show signs of stress at time.

Question: Could my old AVG antivirus program / remnants of it or even the virus I picked up from it (a fake copy) several years ago be the problem here? My current antivirus program is Microsoft Security Essential and yet AVG continues to lurk around. I really believe that it is the source of my problems. Perhaps it explains also why my current antivius software, Microsoft Security Essential, drops off sometimes or not reflect accurate scan time.

In any event, here are several reasons why I believe that AVG is still on my laptop and needs to be eliminated for good:

1) Task Manager, Processes Tab (I don't have AVG installed on the laptop and yet it shows resources being used for AVG).
a) avgrsx.exe
b) avgchsvx.exe

2) CCleaner
Utilities : AVG Antivirus10, removed 2098 KB, 4 files (every time I use CCleaner it reflects an AVG removal)

3) C:\ Program Files..AVG
a) AVG10
b) AVG2012

So, what are your thoughts? Can we work on getting rid of the AVG anti-virus or whatever bug it represents?

Again many thanks for your support and I look forward to your feedback.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP