Solved Computer Freezing when idle

November 29, 2012 at 15:35:26
Specs: XP Pro, SP3, 1.8 GHz / 991 MB
I've got a dual boot system, with both W2000 Pro, SP whatever, and XP Pro, SP3. I'm using XP Pro all the time now. Last time I tried booting to 2000 it told me that so many things needed updating, so I just quit. I think I'll eventually just delete the W2000 partition.

Anyway,,XP has been very stable, with no memorable "events", since I figured setting the BIOS for "optimal" or "best performance" (I forget which one I chose) cleared up some freezing and unable to boot problems, over a year ago.

However, lately (in the past year) I've had a new addition, a PCI card for USB 2.0. It has 4 available ports to the outside and one inside the case. I've noticed that when I begin doing things with a thumb drive, using the interior port, or even the external ones, the system becomes unstable and won't boot, won't shut down, etc.

I got through that, and it seemed it was gone, but recently I did something with the internal USB port (on the card) that crashed the system again, and this time, it seems as if it isn't done screwing with me. Now, whenever I go away from the computer for a length of time (haven't fully defined exactly WHAT "length of time" yet, though it seems to happen after a relatively short period, say, 15 minutes or so), I come back to find it frozen where I left it. If it was re-booting (automatic Windows updates, for example), it froze in reboot, and I'm looking at a blank screen. If it froze where I left it, the cursor and keyboard are simply not responding, and Ctrl-Alt-Delete doesn't work either, so in any case, I have to simply do a hard shut-down and start, or push the restart button, and it comes up ready to rock.

But it seems to freeze almost any time I leave it. Sometimes I'll come back and turn on the monitor, and get no response from the mouse (black screen, or Windows XP screen).

I've disabled Power Management in BIOS, disabled any screen saving ("none").

Well,,I was surprised that this time, I came back to the computer and it was responding. Nothing was left open. But last time I did the same thing, I found it locked up, cursor unresponsive.

I'm just scratching my head trying to decide what to do next.

Worst case, I'll save a bunch of stuff on a spare HDD and re-boot to the XP disc and do a re-install, this time without the W2000 partition. (Though I have no idea whether the problem will still remain or not.)

I'm wondering about the CMOS battery. What is the lowest voltage it should read, in "SIW" without affecting the performance of the computer?

Anyway,,anyone out there got any ideas? Memory seems to check out okay.

Maybe I'll unplug it, take it downstairs and blow out the dust, remove cards and connectors and re-connect everything, just to make sure it isn't dust or connector corrosion related.

Oh,,I'm also hearing something new, like a "mosquito" quickly buzzing and then stopping, in the area of the hard drives, sometimes, when it's accessing something I guess. It seems to be a new sound, though just yesterday I re-checked the two hard drives with a Seatools diagnostic ISO CD I made. Both drives passed the long test with no problems.

If I had a million bucks, I'd just buy some new hardware and build again, but I don't, so I'm trying to make this circa 2000 computer last.

I've also tried diddling with BIOS defaults, for instance "F6" and "F7", which, respectively, put the BIOS into "optimal" performance or "best" performance mode. This is what I did back when it was messing up before, and wouldn't shut down or boot, and it worked that time. It's been smooth sailing up 'til now, since then.

I think it worked that time because something about the memory timing was off, and the default setting worked to fix that.

Haaaalp!!!

edit: Just re-booted and it froze in the "windows is shutting down" screen.




✔ Best Answer
December 2, 2012 at 16:23:00
That's fine - hope you catch this monkey.

Always pop back and let us know the outcome - thanks



#1
November 29, 2012 at 16:09:45
Usually the first symptom that the CMOS battery is dying is that the clock shows the wrong time. Typically the battery is a CR2032 or similar which is 3 volts. However it needs to be measured on load to be meaningful, which could be difficult or risky. I doubt the battery is the problem but if it is the coin shaped type (as given) they are very cheap if you want to try replacing it. Some batteries are soldered in and that could be a lot more tricky.

Good idea to blow the dust out, particularly from the case vents and CPU heat sink, because this symptom could easily be a hardware fault. While you are at it, after general cleaning, clean the RAM edge connectors with a pencil eraser and pop the sticks in and out a few times to clear any oxide off the sockets themselves. It would be a good idea to do the same with any cards with edge connectors.

As for the noise, then somehow you have got to locate the source. This sounds crazy but sometimes the best way to find noise sources is to hold a stick of wood against the suspect with the other end on your ear. It is air movement that can make it difficult to locate the true source of a noise.

Usually ticking noises are a sign that the HD is nearing the end of its life. However fans can make noises too, or you could even have a cable touching the blades. It is usually possible to lubricate fans by removing the bearing end sticker (just a drop or two of oil).

Make sure all the internal connections are secure.

Best to do that lot before assuming this might be a software issue.

Always pop back and let us know the outcome - thanks



#2
November 29, 2012 at 20:32:28
Well,,I looked at the battery voltage using "SIW" ("System Information for Windows"), and it ("VBAT") is reading "3.36V".

Temps are looking okay,,around 100 deg. fahrenheit ("38 degrees centigrade") for both hard drives, and under that for the CPU.

It just froze again when I opened SIW, so I had to restart. Next time, it opened normally, and didn't freeze.

Hmm,,

So I plan to dismantle it tomorrow and do a bit of cleaning, though I just did that a few days ago.

It seems to freeze more when I shut off the monitor, so I think I'll try leaving it on for a while, though I think it did freeze once even when I left it on.



#3
November 29, 2012 at 21:19:08
First of all, you don't need to dismantle your hardware to clean it. Just get a can of compressed air and blow it out with that. Be sure to blow out the power supply from both ends.

If you have removed the heat sink/fan from the CPU then you need to thoroughly clean off all thermal material with solvent and re-apply fresh. The method used depends on the processor.

Your original post is SOO long that I did not finish reading it. However, your mention of doing something to the internal USB port got my attention. What exactly did you do with the internal USB port on the add in card?



#4
November 29, 2012 at 21:27:14
I plugged in a thumb drive into the internal USB port on the card. The PCI card provides 5 ports, one internal and four external. I leave the side cover off of my computer, and am, with a swing of the head, staring into the innards, day after day, so the internal port is almost as accessible to me as the externals. I had, what you might call "USB overcrowding" that day, and chose to use the internal port.

By the way, I've also run scans in Avast and Malwarebytes scanners, and they both found things, and quarantined or deleted a bunch of files. I didn't verify whether or not the files that were affected were vital to the smooth operation of this brilliant machine. I probably wouldn't know what to look for if I did look, so I usually just "trust the software" to do the deciding for me. I also, just today, ran CCleaner, sent it on its merry way, so undoubtedly, the software portion of this computer has changed in a short period of time. Just how much that affects its current problem is the question.



#5
November 29, 2012 at 21:37:05
"run scans in Avast and Malwarebytes scanners"
Can you post the logs please.


#6
November 30, 2012 at 00:29:48
Not sure if I know how to post the logs. I'm using the free version of each, and I don't know if they allow that function using the free versions. I'll see what I can find.

I do know that the Malwarebytes logs are accessible. Each scan has a .txt msg that summarizes what the results were.

But I've done several scans using each of these, over the course of the last week or so, trying to fix this.

I'll see what I can do.

Okay, here's one from Malwarebytes, where it caught a couple of things going on in the registry, related to some uninvited add-on called "funmoods", which I thought I'd gotten rid of:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.24.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bobby Boombatz :: JOSEPHINE [administrator]

11/24/2012 9:11:04 PM
mbam-log-2012-11-24 (21-11-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192941
Time elapsed: 23 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtAtDtC0BtCyDzz0FyCyC0ByEyBtAtN0D0Tzu0CtBzztBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=912001686) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Bad: (http://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtAtDtC0BtCyDzz0FyCyC0ByEyBtAtN0D0Tzu0CtBzztBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=912001686) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

The next post, I'll post a screen grab of two scans Avast did, with results. Avast makes it more difficult to make copies of the scans, so I used the Prt Scr key, and pasted into Paint. It's in bitmap form, so I'm posting them to imgur, and I'll include the link.



#7
November 30, 2012 at 00:57:55
A lot of programs now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom.

1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



#8
November 30, 2012 at 01:14:23
Okay, I'll download and exercise AdwCleaner.

I have the scans from Avast, but they're in bitmap form, as I had to use the prt scr key to do a screen grab. I have them saved in Paint, as bitmap files, but haven't yet figured out how to use imgur to share them. It gives several options, but I'm not sure what's available on this site for viewing.

[IMG]http://i.imgur.com/BRRd0.png[/IMG]

<img src="http://i.imgur.com/BRRd0.png" alt="" title="Hosted by imgur.com" />

[URL=http://imgur.com/BRRd0][IMG]http://i.imgur.com/BRRd0.png[/IMG][/URL]

Those three are just the first image.

Here's the second scan that got results:

[URL=http://imgur.com/BRRd0][IMG]http://i.imgur.com/BRRd0.png[/IMG][/URL]


And finally, here's the result from AdwCleaner, BEFORE clicking on "delete":

# AdwCleaner v2.010 - Logfile created 11/30/2012 at 00:26:11
# Updated 29/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Bobby Boombatz - JOSEPHINE
# Boot Mode : Normal
# Running from : E:\Documents and Settings\Bobby Boombatz\My Documents\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\funmoods-speeddial_sf.crx

***** [Registry] *****

Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Found : HKU\S-1-5-21-1614895754-113007714-1060284298-1003\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtAtDtC0BtCyDzz0FyCyC0ByEyBtAtN0D0Tzu0CtBzztBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=912001686

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : E:\Documents and Settings\Bobby Boombatz\Application Data\Mozilla\Firefox\Profiles\5kdb64vm.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "Funmoods");
Found : user_pref("extensions.funmoods.aflt", "download");
Found : user_pref("extensions.funmoods.autoRvrt", false);
Found : user_pref("extensions.funmoods.cntry", "US");
Found : user_pref("extensions.funmoods.cv", "cv5");
Found : user_pref("extensions.funmoods.dfltLng", "");
Found : user_pref("extensions.funmoods.dfltSrch", true);
Found : user_pref("extensions.funmoods.dnsErr", true);
Found : user_pref("extensions.funmoods.envrmnt", "production");
Found : user_pref("extensions.funmoods.excTlbr", false);
Found : user_pref("extensions.funmoods.hdrMd5", "32937285A1AB3915F757C22F4307AA45");
Found : user_pref("extensions.funmoods.hmpg", true);
Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd[...]
Found : user_pref("extensions.funmoods.id", "00301B158F66B473");
Found : user_pref("extensions.funmoods.instlDay", "15621");
Found : user_pref("extensions.funmoods.instlRef", "download");
Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2217:34:8");
Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Found : user_pref("extensions.funmoods.newTab", true);
Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&[...]
Found : user_pref("extensions.funmoods.prdct", "funmoods");
Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Found : user_pref("extensions.funmoods.sg", "none");
Found : user_pref("extensions.funmoods.smplGrp", "none");
Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
Found : user_pref("extensions.funmoods.tlbrId", "base");
Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=download&chnl=downloa[...]
Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2217:34:8");
Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Found : user_pref("extensions.funmoods_i.newTab", true);
Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2217:34:8");

*************************

AdwCleaner[R1].txt - [4068 octets] - [30/11/2012 00:26:11]

########## EOF - E:\AdwCleaner[R1].txt - [4128 octets] ##########


And here's the AFTER, after the deleting and the rebooting:

# AdwCleaner v2.010 - Logfile created 11/30/2012 at 00:32:24
# Updated 29/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Bobby Boombatz - JOSEPHINE
# Boot Mode : Normal
# Running from : E:\Documents and Settings\Bobby Boombatz\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\funmoods-speeddial_sf.crx

***** [Registry] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtAtDtC0BtCyDzz0FyCyC0ByEyBtAtN0D0Tzu0CtBzztBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=912001686 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : E:\Documents and Settings\Bobby Boombatz\Application Data\Mozilla\Firefox\Profiles\5kdb64vm.default\prefs.js

E:\Documents and Settings\Bobby Boombatz\Application Data\Mozilla\Firefox\Profiles\5kdb64vm.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "Funmoods");
Deleted : user_pref("extensions.funmoods.aflt", "download");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "32937285A1AB3915F757C22F4307AA45");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd[...]
Deleted : user_pref("extensions.funmoods.id", "00301B158F66B473");
Deleted : user_pref("extensions.funmoods.instlDay", "15621");
Deleted : user_pref("extensions.funmoods.instlRef", "download");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2217:34:8");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=download&chnl=downloa[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2217:34:8");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2217:34:8");

*************************

AdwCleaner[R1].txt - [4197 octets] - [30/11/2012 00:26:11]
AdwCleaner[R2].txt - [4257 octets] - [30/11/2012 00:31:48]
AdwCleaner[S2].txt - [4282 octets] - [30/11/2012 00:32:24]

########## EOF - E:\AdwCleaner[S2].txt - [4342 octets] ##########

HOWEVER, the computer froze during reboot, during the "Windows is shutting down" screen. I'll run the scan again.


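Post #8 pastes an AdwCleaner [Search] log followed by the [Delete] log from the cleaning run. The Python below is an added example, not part of any post in this thread and not AdwCleaner's own code: it diffs two such logs and lists every item that was found but never reported as deleted or replaced. It assumes the line formats seen in the logs above and that the `HKU\S-1-5-21-...` key belongs to the logged-on user, whose hive is also visible as `HKCU`; the function names and the shortened log excerpts are constructed for the example.

```python
import re

# Shortened excerpts of the two AdwCleaner v2.010 logs posted above
# (constructed sample: a subset of lines, long URLs cut with "[...]").
SEARCH_LOG = r"""
# Option [Search]
File Found : E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\funmoods-speeddial_sf.crx
Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKU\S-1-5-21-1614895754-113007714-1060284298-1003\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=download[...]
Found : user_pref("browser.search.defaultenginename", "Funmoods");
Found : user_pref("extensions.funmoods.hmpg", true);
"""

DELETE_LOG = r"""
# Option [Delete]
File Deleted : E:\Documents and Settings\Bobby Boombatz\Local Settings\Application Data\funmoods-speeddial_sf.crx
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=download[...] --> hxxp://www.google.com
Deleted : user_pref("browser.search.defaultenginename", "Funmoods");
Deleted : user_pref("extensions.funmoods.hmpg", true);
"""

# "File Found : ...", "Key Deleted : ...", or a bare "Found : user_pref(...)".
ITEM_RE = re.compile(r"^(?:(\w+) )?(Found|Deleted) : (.+)$")
# Registry value lines: "[key - name] = data", prefixed "Replaced : " once cleaned.
VALUE_RE = re.compile(r"^(Replaced : )?\[(.+?)\] = ")
# Per-user hive addressed by SID (matched against case-folded text).
HKU_SID_RE = re.compile(r"^hku\\s-1-5-21-[\d-]+\\")


def parse(text, verb):
    """Collect (kind, item) pairs; verb is "Found" for a [Search] log
    and "Deleted" for a [Delete] log."""
    items = set()
    for raw in text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if m:
            if m.group(2) == verb:
                kind = (m.group(1) or "pref").casefold()
                items.add((kind, m.group(3).casefold()))
            continue
        m = VALUE_RE.match(line)
        # A value counts as handled only when the line carries "Replaced : ".
        if m and bool(m.group(1)) == (verb == "Deleted"):
            items.add(("value", m.group(2).casefold()))
    return items


def verify(search_text, delete_text):
    """Classify every finding of the search run against the delete run."""
    found = parse(search_text, "Found")
    done = parse(delete_text, "Deleted")
    report = {"removed": [], "removed_via_hkcu": [], "unaccounted": []}
    for kind, item in sorted(found):
        # Assumption: the SID is the logged-on user's, so HKU\<SID>\... and
        # HKCU\... are the same key and deleting one removes the other.
        alias = HKU_SID_RE.sub(lambda _m: "hkcu\\", item)
        if (kind, item) in done:
            report["removed"].append(item)
        elif kind == "key" and alias != item and (kind, alias) in done:
            report["removed_via_hkcu"].append(item)
        else:
            report["unaccounted"].append(item)
    return report


if __name__ == "__main__":
    result = verify(SEARCH_LOG, DELETE_LOG)
    for bucket, entries in result.items():
        print(f"{bucket}: {len(entries)}")
        for entry in entries:
            print("   ", entry)
```

Anything listed under `unaccounted` is worth checking by hand, or with a fresh search run, before treating the machine as clean.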

#9
November 30, 2012 at 01:43:09
"It gives several options, but I'm not sure what's available on this site for viewing"
Thanks, I got it alright.

I use Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru
How to use
http://i.imgur.com/IwZrT.gif
http://i.imgur.com/q4uHK.gif
http://i.imgur.com/qk0sN.gif
http://i.imgur.com/PujnZ.gif
For other files.
http://i.imgur.com/KT4wS.gif
http://i.imgur.com/wAG3q.gif



#10
November 30, 2012 at 01:46:01
Okay, thanks.

The AdwCleaner scan did successfully remove all of those items. It showed clean on the next successive scan.



#11
November 30, 2012 at 01:46:36
"And here's the AFTER, after the deleting and the rebooting:"
Ok, that got rid of a lot, probably need to do more checks.

How is it running?



#12
November 30, 2012 at 02:21:25
2: Run ESET & post the log please. This scan may take a very long while, so please be patient. Start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a thumb drive & run it from there.
Create a ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the desktop.


#13
November 30, 2012 at 06:28:47
Just an aside.

You will probably get better cooling if you leave the side on, even if not fixed.

Always pop back and let us know the outcome - thanks



#14
November 30, 2012 at 07:09:21
The internal USB port is intended to be used to connect a bay mounted card reader. I don't recommend accessing it as you are. As Derek stated, cooling is designed to work with the case closed.


#15
November 30, 2012 at 11:39:56
Okay,,I just ran the ESET scan, straight, no chaser, and here's what it found:

E:\Documents and Settings\Bobby Boombatz\My Documents\Downloads\cnet_9300DDR_win98se_daudio51201_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

I ran it straight online, no thumb drive, no special settings. I did not disable Avast during the scan. I don't know if that affected the outcome at all.


I'll be gone for a while today, helping my son move to a new home, but I'll be back for more fun and games,,

Thanks immensely for all the help I'm getting here!



#16
November 30, 2012 at 13:03:36
After having read the list again, I realized 2 things: 1) I didn't disable Avast while running the ESET scan, as instructed. and 2) I didn't read the part about finding the logfile, so here it is, from the ESET scan:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0fbeb5c965d97441b44b98c2f3b64f01
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-30 06:25:42
# local_time=2012-11-30 10:25:42 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=74979
# found=1
# cleaned=1
# scan_time=6052
E:\Documents and Settings\Bobby Boombatz\My Documents\Downloads\cnet_9300DDR_win98se_daudio51201_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


As far as any changes I've noticed, during this scan and remove period, it does seem as if the responses are a bit peppier, but the fact is that I again found the desktop frozen in time when I arrived back home today. So, the freezing is still apparent.

Next step, dismantle, clean, re-assemble.



#17
November 30, 2012 at 13:16:39
3: Please copy & paste instructions into a text file, print steps & info. You will need them, as they are hard to remember, for when you are offline.

Note: Is your important stuff backed up, including your emails & address book. Anything can happen, during the clean up.

The baddies are always ahead of the goodies, be aware, this can be a very long process, involving many different tools to clean up an infected comp.
Some infections are irremovable.
Very Important: Malware infections can possibly lead to identity theft, stolen bank funds, misuse of credit card information etc.
The use of the computer is the primary factor in the decision whether to re-format and re-install, or just disinfect.
http://www.dslreports.com/faq/10063
How to report ID theft, fraud, drive-by installs, hijacking and malware?
http://www.dslreports.com/faq/10451
Change your router password if it is not strong or still uses the default one.
Hack lets intruders sneak into home routers
http://tinyurl.com/4pz64fc
http://compnetworking.about.com/od/...

As we dismantle the infection bit by bit, that may allow the repeat use of programs, which may in turn pick up more.
Removal of infected parts of the system, may cause other parts to stop working, such as your Internet connection or Services. These then we have to repair.

If any program won't run ( due to the infection ) let me know. Post the log/logs after each run.
Screenshots ( SS ) may also be requested, or if you want to illustrate a point yourself, use the uploader.
If any of the logs are too large, upload them to a site of your choosing or, all can be done with this. I use Imgur.com

After each fix or change we make, let me know how the comp is running. Example: Computer Freezing when idle.



#18
November 30, 2012 at 13:18:48
I am continuing down the infection path, until I'm 100% sure it's clean.

4: Run ComboFix
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.techsupportforum.com/sec...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.




#19
November 30, 2012 at 14:11:41
Well, I guess there is some merit in making sure that there is no infection, although the symptoms originally given don't, to my mind, particularly point to one.

Maybe at some stage it would be interesting to know if this freeze also occurs in Safe Mode. Also disabling things in msconfig startup might unearth the culprit.

As things seemed to have started going wrong when you plugged around with USB's, then maybe that area needs further attention. A quick trip to Device Manager to see if any errors are showing would not go amiss.

Always pop back and let us know the outcome - thanks



#20
November 30, 2012 at 14:51:14
Now there's ^ an idea. Try going into safe mode for a while, and seeing if it freezes up there. And the trip to the device mgr,,etc. Good ideas, which I will also implement sometime soon, after my son gets through printing something out.


#21
November 30, 2012 at 15:10:02
Derek.
"Well, I guess there is some merit in making sure that there is no infection"

W2000user said.
"By the way, I've also run scans in Avast and Malwarebytes scanners, and they both found things, and quarantined or deleted a bunch of files"

When those programs didn't successfully remove what they found, my head then tells me, there is something else preventing their removal, usually it will be something much more sinister, only running more programs will confirm that.



#22
November 30, 2012 at 15:16:16
Sure thing.

Always pop back and let us know the outcome - thanks



#23
November 30, 2012 at 15:17:50
Or maybe they didn't remove everything at first because I only used the "quick scan" option the first time, and when I ran "full scan", something else came up.

Anyway, whether I have more infections or not, I'm still interested in the process, even if it's just a trial run.

I've always wanted to know what magic you guys wield here,,



#24
November 30, 2012 at 15:23:44
"I only used the "quick scan"
Quick scan is fine for MBAM.

Quick Scan versus Full Scan
http://forums.malwarebytes.org/inde...



#25
December 1, 2012 at 00:32:49
Interesting stuff.

Later tonight, I'm going to try putting this machine into safe mode, and seeing if it freezes there too.

Its performance is noticeably snappier now, undoubtedly due to the crapload of spyware or adware or whatever else it was, being gone now.



#26
December 1, 2012 at 00:39:58
Don't forget my post #18


#27
December 1, 2012 at 02:37:48
I haven't forgotten post #18. It's just daunting, in a way, to be facing a "combofix" episode, after all I've heard about it, which isn't much, actually, but just enough to know that it's major tampering with Mr.Computor, and not to be approached lightly.

But that's what I'm here for,,to get serious about the health and welfare of this box thing.

I'm noticing that here in safe mode, it's not freezing. I need some sleep. I'll approach combofix on the morrow.

Plus, did I mention that I'm 62, and a father and a husband, and have responsibilities that often take my time away from the work I've wanted to do here, on the computer?

but I do intend to comply,,



#28
December 1, 2012 at 06:23:54
"but I do intend to comply,,"
Ok, when you are ready.

"I'm noticing that here in safe mode, it's not freezing."
Once we make sure the comp is clean, we then have a good base to address any other issues.

"I need some sleep"
That's where I'm heading now.



#29
December 1, 2012 at 13:59:19
Okay, it's Saturday, and I'm getting close to doing the combofix routine.

I've been using safe mode, however it froze once in safe mode, but only because I was using a program that isn't meant to be used in safe mode ("SIW"), and it froze as it notified me that it wasn't going to co-operate.

Then I tried to access Avast, and it told me that Avast doesn't do real-time protection in safe mode, only purposeful scans.

Combofix,,Combofix,,Combofix,,yeah,,I'm getting all warmed up here,,,almost ready to go,,Combofix,,Combofix,,,,,,



#30
December 1, 2012 at 14:21:33
I don't think lack of Avast real-time protection in Safe Mode is too much of an issue. I'm a bit out of touch with Avast but it might have a quick scan.


#31
December 1, 2012 at 16:05:08
Just one question, before I run combofix,,

I noticed that amongst the list of websites provided in the combofix tutorial ( http://www.bleepingcomputer.com/com... ), for help, that this one (computing.net) isn't listed. Why not? Should I be cautious in receiving help from your site? I don't want to offend anyone here. I just want to be clear. Are you indeed qualified to help, or should I move over to "bleepingcomputer"? Give me some assurance please. I know that I've received expert help here before.

Specifically, "JohnW", are you indeed qualified to help? I noticed that some of the comments on this thread seem to imply that there are differences of opinion here.

However, whatever the case, I'm on the edge of my seat, being so close to initializing combofix, getting to see how it works. I've got my finger on the button.



#32
December 1, 2012 at 16:11:41
"I've got my finger on the button"

Go for it.



#33
December 1, 2012 at 16:21:34
As Johnw is apparently not around I'll try to clarify one part of your question.

There are no differences of opinion on here. We all muck in together and sometimes add various thoughts into the equation, which might create a brief discussion on possible ways forward but that's all.

I have not used Combo Fix sufficiently to push my luck with someone else's computer.
I have however seen Johnw at work with it on this forum with success.

EDIT:
Ooops we overlapped.


#34
December 1, 2012 at 16:28:30
"Ooops we overlapped"

Not much in it Derek, only 10 secs.



#35
December 1, 2012 at 17:02:20
Okay,,I'm going to go to the laundromat (our dryer isn't working), but before I go, I'm going to initiate the process by closing all windows, disabling Avast and double-clicking the exe file. I won't be around while it scans (a good thing I suppose, since it's best not touched,,). But I'll be back later with the log.


#36
December 1, 2012 at 17:10:36
Ok, it's just after 9 am Sunday, here in Western Australia, got family coming here soon, shall look forward to your log.


#37
December 1, 2012 at 17:21:06
Thanks John. (I'm using the computer downstairs while mine is running combofix). Sometime soon now.


#38
December 1, 2012 at 17:31:41
Thar she blows!


ComboFix 12-12-01.02 - Bobby Boombatz 12/01/2012 17:19:07.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.539 [GMT -8:00]
Running from: e:\documents and settings\Bobby Boombatz\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\documents and settings\Bobby Boombatz\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))
.
.
2012-11-30 21:52 . 2012-11-30 21:54 -------- d-----w- e:\windows\system32\NtmsData
2012-11-30 16:39 . 2012-11-30 16:39 -------- d-----w- e:\program files\ESET
2012-11-29 23:10 . 2012-11-29 23:10 -------- d-----w- e:\program files\CCleaner
2012-11-28 07:28 . 2012-11-28 07:28 -------- d-----w- e:\program files\Alex Feinman
2012-11-25 04:29 . 2012-11-25 04:29 -------- d-----w- e:\program files\ACDSee32
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-11 17:05 . 2012-04-02 09:20 697272 ----a-w- e:\windows\system32\FlashPlayerApp.exe
2012-11-11 17:05 . 2011-08-11 05:40 73656 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 23:51 . 2011-08-09 09:35 361032 ----a-w- e:\windows\system32\drivers\aswSP.sys
2012-10-30 23:51 . 2011-08-09 09:35 35928 ----a-w- e:\windows\system32\drivers\aswRdr.sys
2012-10-30 23:51 . 2011-08-09 09:35 738504 ----a-w- e:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51 . 2011-08-09 09:35 54232 ----a-w- e:\windows\system32\drivers\aswTdi.sys
2012-10-30 23:51 . 2011-08-09 09:35 97608 ----a-w- e:\windows\system32\drivers\aswmon2.sys
2012-10-30 23:51 . 2011-08-09 09:35 89752 ----a-w- e:\windows\system32\drivers\aswmon.sys
2012-10-30 23:51 . 2011-08-09 09:35 21256 ----a-w- e:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 23:51 . 2011-08-09 09:35 25256 ----a-w- e:\windows\system32\drivers\aavmker4.sys
2012-10-30 23:51 . 2011-08-09 09:35 41224 ----a-w- e:\windows\avastSS.scr
2012-10-30 23:50 . 2011-08-09 09:35 227648 ----a-w- e:\windows\system32\aswBoot.exe
2012-10-22 08:37 . 2008-04-14 09:00 1866368 ----a-w- e:\windows\system32\win32k.sys
2012-10-02 18:04 . 2008-04-14 13:42 58368 ----a-w- e:\windows\system32\synceng.dll
2012-09-30 03:54 . 2011-08-09 10:19 22856 ----a-w- e:\windows\system32\drivers\mbam.sys
2012-09-24 22:32 . 2012-07-08 16:27 477168 ----a-w- e:\windows\system32\npdeployJava1.dll
2012-09-24 22:32 . 2011-09-05 21:25 473072 ----a-w- e:\windows\system32\deployJava1.dll
2012-09-24 20:51 . 2012-07-08 16:27 73728 ----a-w- e:\windows\system32\javacpl.cpl
2012-10-27 18:00 . 2012-10-27 17:59 261600 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- e:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="e:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"VTPreset"="VTPreset.exe" [2004-02-25 45056]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"WinampAgent"="e:\program files\Winamp\winampa.exe" [2011-10-25 74752]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
e:\documents and settings\Bobby Boombatz\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - e:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R1 aswSnx;aswSnx;e:\windows\system32\drivers\aswSnx.sys [8/9/2011 1:35 AM 738504]
R1 aswSP;aswSP;e:\windows\system32\drivers\aswSP.sys [8/9/2011 1:35 AM 361032]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [8/9/2011 1:35 AM 21256]
S3 cpuz134;cpuz134;\??\e:\docume~1\BOBBYB~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> e:\docume~1\BOBBYB~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-01 e:\windows\Tasks\Adobe Flash Player Updater.job
- e:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:05]
.
2012-12-02 e:\windows\Tasks\avast! Emergency Update.job
- e:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-12 23:50]
.
2012-12-02 e:\windows\Tasks\WGASetup.job
- e:\windows\system32\KB905474\wgasetup.exe [2011-08-09 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - e:\documents and settings\Bobby Boombatz\Application Data\Mozilla\Firefox\Profiles\5kdb64vm.default\
FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/
FF - ExtSQL: 2012-10-31 18:05; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-01 17:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2796)
e:\windows\system32\WININET.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
.
Completion time: 2012-12-01 17:28:30
ComboFix-quarantined-files.txt 2012-12-02 01:28
.
Pre-Run: 10,572,038,144 bytes free
Post-Run: 10,537,164,800 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
.
- - End Of File - - C9970A94C37A38072B45A4DDB90801B4



#39
December 1, 2012 at 17:33:06
Plus, I might mention that upon receiving the log file, I immediately reset Avast to active protection. Should I also do the same with the Windows Firewall, which I disabled?


#40

#41
December 1, 2012 at 17:43:16
I'm going to assume,,disable Avast first, before running "RogueKiller"?


#42
December 1, 2012 at 17:47:25
"I'm going to assume,,disable Avast first, before running "RogueKiller"?"
Won't hurt.


#43
December 1, 2012 at 17:53:13
The tutorial states: "When prompted, type 1 and validate". I never got a "prompt". It just ran the scan when I clicked on "scan".

Here's the file it created:

RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Bobby Boombatz [Admin rights]
Mode : Scan -- Date : 12/01/2012 17:48:58

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> C:\Documents and Settings\Default User\NTUSER.DAT
-> C:\Documents and Settings\All Users\NTUSER.DAT
-> C:\Documents and Settings\Robert Laughlin\NTUSER.DAT
-> C:\Documents and Settings\Robert Laughlin.DMLCOMPUTERS2\NTUSER.DAT
-> C:\Documents and Settings\test\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> E:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6Y060L0 +++++
--- User ---
[MBR] fbdc6509cc54dc40903facee25de07cf
[BSP] 41030222aa1a9e2509c12f52886e0d37 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 20002 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 40965750 | Size: 38632 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3160023A +++++
--- User ---
[MBR] 731a234a95cc259acc22092f1ab1c0d0
[BSP] 7146848f8e13b0b0000ed06b55c04dcc : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 151997 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12012012_02d1748.txt >>
RKreport[1]_S_12012012_02d1748.txt



#44
December 1, 2012 at 17:56:09
6: Run TDSSKiller & post the log.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://support.kaspersky.com/faq/?q...
http://support.kaspersky.com/viruse...
Anti-rootkit utility TDSSKiller
http://support.kaspersky.com/faq/?q...
If TDSS doesn't run, use FixTDSS
http://www.symantec.com/content/en/...
Download FixTDSS and save it to your desktop.
Double click on the FixTDSS.exe icon to run it.
Click the "I Accept" button, then the "Proceed" button to begin
The tool will restart your computer automatically - click OK to allow it to do so
The tool will begin its scan on reboot > click "run" to begin
It will report if an infected MBR is found > click the "repair" button


#45
December 1, 2012 at 18:00:54
Also, RogueKiller created a quarantine folder with a couple dat files and a couple of txt files in it, one being a "quarantine report" txt file, which merely shows a date and time. The other txt file is named "Eula.txt".


On to "TDSSKiller"



#46
December 1, 2012 at 18:10:27
Before I run TDSSKiller,,I notice that RogueKiller left me a window open that states "Scan Finished Please look at the different tabs and delete items with the buttons"

Down below, it lists three items as "Found", with boxes checked next to each one, in green, under the "registry" tab. Should I hit the "delete" button? Should I be looking at the other tabs, and deleting items, as it apparently asks me to do?

I checked all the tabs. Only "Registry", "MBR", and "Driver" have things listed in them. Only "Registry" has things that seem to be "checked", as if ready for deletion.

Do I hit the "delete" button for these things, just for the three registry items, or ?


While I'm waiting for a reply, I'll run out and dry the laundry, which I haven't yet accomplished. Be back soon (1/2 hr or so).



#47
December 1, 2012 at 18:19:42
" Should I be looking at the other tabs, and deleting items, as it apparently asks me to do?"
Read the RK tutorial I gave you, can't get my head around what you are seeing. If you can't work it out, upload SS's & I shall look later.


#48
December 1, 2012 at 18:28:51
Okay,,the tutorial states that "option 1" is "Scan", "option 2" is "delete", and "option 3" is "hosts fix". It doesn't look like any "hosts" were found, as the "hosts" tab is empty.

It goes on to state, under these three options, under Option 1: In this mode, the program will only kill the infectious process and inform the user of the infected registry keys, but no changes shall be made. In this way you can safely generated report and post it

This appears to be the mode I chose when I clicked on "Scan".

Option 2 states:

In this mode, the program will also kill the infectious process, target registry keys allowing the rogue to restart at startup and delete them.

and

Furthermore, if among these registry keys a proxy was found (IE or Firefox),RogueKiller will prompt the user if he wants to keep it or not. A proxy is not necessarily malicious!

so, I have three registry hits showing, with checked boxes, as if to offer the opportunity to delete. The three are mentioned in the report.

Should I hit the delete button, before going on, to TDSSKiller?

The three registry items found are the following (from the report)

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND


(Option 3 is N/A, since there were no "hosts fix" items found)


Report •
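A triage helper for the RogueKiller report format quoted in this thread, added here as an example (it is not part of any post and not RogueKiller's own code). It splits a pasted report into its ¤¤¤ sections, extracts the registry findings, checks each section's declared count against the lines actually pasted, and lists HOSTS entries other than the loopback localhost mapping. The function names and the embedded sample (an excerpt of the report above) are assumptions made for illustration.

```python
import re

# Constructed sample: an excerpt of the RogueKiller report posted in this thread.
SAMPLE_REPORT = r"""RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
Mode : Scan -- Date : 12/01/2012 17:48:58

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> E:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
"""

# Section headers look like "¤¤¤ Registry Entries : 3 ¤¤¤".
HEADER = re.compile(r"^¤¤¤\s*(?P<body>.*?)\s*¤¤¤\s*$")
# Findings look like "[TAG] KEY : VALUE (DATA) -> STATUS".
FINDING = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>\S.*?)\s+:\s+(?P<value>.+?)"
    r"\s+\((?P<data>[^)]*)\)\s+->\s+(?P<status>\w+)$"
)
LOOPBACK = {"127.0.0.1", "::1"}


def parse_sections(text):
    """Split a report into {section name: {"declared": int|None, "lines": [...]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            name, _, rest = header.group("body").partition(":")
            rest = rest.strip()
            current = {"declared": int(rest) if rest.isdigit() else None, "lines": []}
            sections[name.strip()] = current
        elif current is not None and line:
            current["lines"].append(line)
    return sections


def registry_findings(sections):
    """Return each registry finding as a dict: tag, key, value, data, status."""
    lines = sections.get("Registry Entries", {"lines": []})["lines"]
    return [m.groupdict() for m in map(FINDING.match, lines) if m]


def count_mismatches(sections):
    """Sections whose declared count differs from the lines present.

    A mismatch usually means the log was truncated or edited when pasted.
    """
    return [
        (name, sec["declared"], len(sec["lines"]))
        for name, sec in sections.items()
        if sec["declared"] is not None and sec["declared"] != len(sec["lines"])
    ]


def hosts_overrides(sections):
    """HOSTS entries other than the loopback -> localhost mapping."""
    flagged = []
    for line in sections.get("HOSTS File", {"lines": []})["lines"]:
        if line.startswith(("-->", "#")):
            continue  # path of the hosts file, or a comment
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        for name in names:
            if not (ip in LOOPBACK and name.lower() == "localhost"):
                flagged.append((ip, name))
    return flagged


if __name__ == "__main__":
    report = parse_sections(SAMPLE_REPORT)
    for f in registry_findings(report):
        print(f"{f['tag']:<9} {f['key']} : {f['value']} = {f['data']} [{f['status']}]")
    print("count mismatches:", count_mismatches(report))
    print("hosts overrides:", hosts_overrides(report))
```
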

#49
December 1, 2012 at 18:38:28
"Should I hit the delete button, before going on, to TDSSKiller?"
I am doing this in between cleaning the swimming pool & other jobs before the family arrive.

Do the TDSS scan.



#50
December 1, 2012 at 18:40:47
Okay,,will do,,but first, the laundry,,haha.


Should I leave the "RogueKiller" window open, (i.e., can I run "TDSSKiller" with that window still open?),

or,,do I not need that window open anymore (no future decisions pending, concerning the three registry items?). TDSSKiller does not state specifically that other programs need to be closed, in order to work.

Reason I'm asking, is that once I leave to do the laundry, I've no guarantee that the computer won't freeze on me while I'm away. If it does, I lose the RogueKiller window.

I suppose, though, that I could always run RK again, and get the same results.

I know you're busy with people, so if you don't reply, I'll just close the RK window and run TDSSKiller, then go do laundry while it works.



#51
December 1, 2012 at 18:57:44
"I suppose, though, that I could always run RK again, and get the same results"
Correct.

"I know you're busy with people, so if you don't reply, I'll just close the RK window and run TDSSKiller, then go do laundry while it works"
Yep, that's the way.



#52
December 1, 2012 at 19:10:24
Okay,,so I just closed everything and ran TDSSKiller. 1st time, it froze during initialization, at "40%". 2nd time, after rebooting, I disabled Avast and tried again, and this time it worked.

Results, nothing offensive found by TDSSKiller.

I tried to copy and paste the report, but was unable to. It seems they have disabled the ability to cut and paste, within the scan window. I can only get as far as "wiping" all the text blue. Right-clicking does nothing.

"I'll be back"



#53
December 1, 2012 at 19:30:39
7: Run TFC
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...

8: Malwarebytes Anti-Rootkit ( MBAR )
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.malwarebytes.org/product...
How to use Malwarebytes Anti-Rootkit to remove rootkits from a Computer
http://www.bleepingcomputer.com/vir...

9: Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Save it to your Desktop.
* Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; please post the contents of that document.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.



#54
December 1, 2012 at 20:54:07
Back from laundromat,,

Going on,,

Ran TFC, about to run MBAR.

Noticing that since one of the first scans, Firefox has not been my default browser anymore. But I tried doing TFC with IE, and got a "your security settings are too high to run this program", so I'm still doing everything in FF. I have no great "allegiance" to any particular browser. It's just the one suggested to me by my youngest son. My elder son is a businessman, doing IT work from his own company. He uses IE.

Plus, I also noticed that when rebooting, the screen that gives me the choice as to which OS I'm using (XP, or W2K) only stays open for a second or so, where it used to sit there for about a half-minute, counting down until it made the choice for me (XP, being 1st on the "list").



#55
December 1, 2012 at 21:00:06
What time zone are you in?


#56
December 1, 2012 at 21:30:52
Okay,,MBAR found nothing amiss.

Security Check results:

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning [b]disabled[/b]!)
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java(TM) 6 Update 37
[color=red][b]Java version out of Date![/b][/color]
Adobe Flash Player 11.5.502.110
Adobe Reader 10.1.4 [color=red][b]Adobe Reader out of Date![/b][/color]
Mozilla Firefox 16.0.2 [color=red][b]Firefox out of Date![/b][/color]
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive E:: 8%
[b][u]````````````````````End of Log``````````````````````[/b][/u]


I'm in the Pacific Time Zone, Southern California to be exact. But I'm retired. I'm up at a variety of hours. I don't sleep much either, since I have RLS (restless leg syndrome) and kidneys that won't wait. I'm up and down all night. I even sleep a lot during the day, since RLS seems to affect people mostly at night.



#57
December 1, 2012 at 22:40:16
Just left our guests for a few minutes.

10: Please download and run ListParts by Farbar (for 32-bit system):
http://download.bleepingcomputer.co...
Please download and run ListParts64 by Farbar (for 64-bit system):
http://download.bleepingcomputer.co...
Click on the Scan button.
The scan results will open in Notepad.
Post those results in your next reply.

11: To me, your copy of Avast has got corrupted/buggy & needs uninstalling. If you feel the same, here is the uninstaller.
Avast! Uninstall Utility
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.avast.com/eng/avast-unin...

12: Whilst uninstalled, try the one I use. It's FREE.
Microsoft Security Essentials ( MSE )
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.techsupportalert.com/bes...
http://www.cnet.com.au/microsoft-se...
http://windows.microsoft.com/en-US/...
System requirements
http://www.microsoft.com/en-us/secu...
Can Microsoft Security Essentials ( MSE ) protect me from online banking and shopping.
http://answers.microsoft.com/en-us/...
If you choose to use Security Essentials, please follow the steps in this thread first, especially the part about removing all existing realtime antimalware:
http://kb.eset.com/esetkb/index?pag...

13: Uninstall Combofix.
Start > Run, Copy and Paste > ComboFix /uninstall and click OK.
Qoobox is a folder created by Combofix to quarantine any infected files.
Double check no Combofix files remain, I use this for searching, I have it open all the time.
UltraSearch
http://www.softpedia.com/get/File-m...
http://www.softpedia.com/progScreen...
http://www.jam-software.com/ultrase...



#58
December 2, 2012 at 01:08:13
Came home from the laundry, found screen frozen again. Rebooted, up to the desktop, and MBAR presents itself to me again, wants me to "Run?", so I ran.

Same result, clean.

So I ran ListParts, and here's the result:

ListParts by Farbar Version: 30-10-2012
Ran by Bobby Boombatz (administrator) on 02-12-2012 at 00:59:42
Windows XP (X86)
Running From: E:\Documents and Settings\Bobby Boombatz\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 30%
Total physical RAM: 991.48 MB
Available physical RAM: 691.64 MB
Total Pagefile: 2390.23 MB
Available Pagefile: 2213.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.92 MB

======================= Partitions =========================

2 Drive c: (W2000) (Fixed) (Total:19.52 GB) (Free:9.46 GB) FAT32 ==>[Drive with boot components (Windows XP)]
3 Drive d: (Barracuda) (Fixed) (Total:148.44 GB) (Free:25.63 GB) NTFS
4 Drive e: (WinXP) (Fixed) (Total:19.53 GB) (Free:9.77 GB) NTFS
5 Drive f: (Space, The Final Frontier) (Fixed) (Total:18.19 GB) (Free:18.11 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 57 GB 0 B
Disk 1 Online 149 GB 628 MB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 20 GB 32 KB
Partition 2 Extended 38 GB 20 GB
Partition 3 Logical 20 GB 20 GB
Partition 4 Logical 18 GB 39 GB
======================================================================================================

Disk: 0
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C W2000 FAT32 Partition 20 GB Healthy System (partition with boot components)
======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E WinXP NTFS Partition 20 GB Healthy Boot
======================================================================================================

Disk: 0
The disk management services could not complete the operation.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 148 GB 32 KB
======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 D Barracuda NTFS Partition 148 GB Healthy
======================================================================================================

****** End Of Log ******



#59
December 2, 2012 at 01:39:21
I'm back online as well, family gone, left me with a laptop to repair, which I will enjoy doing.

Just to update, everything is coming up clean now, all we have to do is sort out RK. A picture is worth a thousand words, can I have as many SS's as it takes to show me all that stuff please.

If it is still freezing with Avast uninstalled ( disconnect from the internet ) try MSE & see how it goes.

If it is still freezing, that is the next stage to tackle, after we run RK.

Screenshots ( SS ) as requested, use the uploader.
If any of the logs are too large, upload them to a site of your choosing or, all can be done with this. I use Imgur.com
Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru
How to use
http://i.imgur.com/IwZrT.gif
http://i.imgur.com/q4uHK.gif
http://i.imgur.com/qk0sN.gif
http://i.imgur.com/PujnZ.gif
For other files.
http://i.imgur.com/KT4wS.gif
http://i.imgur.com/wAG3q.gif



#60
December 2, 2012 at 02:13:22
Okay. Now I'm getting tired. Think I'll have to take a break. Thanks for all the help.


#61
December 2, 2012 at 02:31:15
"Think I'll have to take a break"
When you have finished all the other stuff, could you upload your dump file please.
Shall see if we can nail the problem.

Minidump file is located in C:\Windows\Minidump



#62
December 2, 2012 at 02:55:21
Okay,,just went downstairs for a bowl of granola.

Still tired, but want clarity.

The "dump file". I've not heard that term. Is the "dump file" you request the same as the "Minidump file" you referred to? Is this a function of Windows? or did Combofix create it?

I'm going to have to take some time to rest, but when I have the energy, I'll do some work on what you requested.

I'm not clear on how I should "feel" about Avast being "corrupted/buggy". I wouldn't know how to determine that. I thought it was working fine. Maybe not. What gives you that "feeling"? I've been using the free version for years. But it only does scans on request, I think. But maybe I'm wrong. I think I recall something about it checking emails and websites, etc. I do remember being warned off some sites by Avast.

I've tried a lot of antivirus proggies. Norton, McAfee, Dr.Solomon's, Kaspersky, AVG, I forget a lot of them. The only one I've come to like is Avast. But I'm willing to change, if you think I should. I try not to develop "allegiances" to software, which can be detrimental in the long run, maybe.

But maybe there's something about Avast that you feel isn't doing its job? Or maybe you simply prefer MSE, because its "in house" software, and they should know what they're doing.

My son (the IT guy) also uses MS products, but has referred me to Avast, or TrendMicro (back when they had a free online scan). I think he probably uses MSE also, but I'm not sure. I know that he uses IE.



#63
December 2, 2012 at 03:15:38
" Is this a function of Windows?"
Yes.
Use UltraSearch to find or go to it manually.

Nothing wrong with Avast, it's your copy that has raised my suspicions, uninstall it as previous info.

It's a process of elimination, you can always go back to Avast.



#64
December 2, 2012 at 07:03:51
Oh,,just great.

I just got up to use the loo,,decided to restart, check messages, and then decided to download "Ultrasearch", as you suggested I use that to find "minidump".

Well,,I haven't sorted out what happened yet,,but here's what I observed:

I looked for the minidump folder where you said it would be, and voila, there it is,,C:\Windows (actually, "WINNT")\Minidump.

I looked in the folder, and it was empty. So, I assume this folder gets stuff in it when you do a "dump" from some other program?

But actually, my "C" drive is where the system boots from, and the original drive, but it's not in NTFS, but FAT32, so once I downloaded Ultrasearch and installed it, I ran it, using the search terms "dump", and "minidump". "Dump" came up with a bunch of hits, but "minidump", nothing (since it's on a FAT32 drive).

Is it still a pertinent folder?

Next,,the unimaginable happened

I open Firefox, to navigate here and check messages, and notice a new toolbar on my browser,,,and,,wait for it boys and girls,,,,it's FUNMOODS again.

I don't have the words,,,


I do know that I downloaded Ultrasearch after doing a search for it in google, and I chose to download it from the CNET download site, which allegedly has protection against viruses as part of the download package (some sort of proprietary software to "secure" the download).

I have no idea how this could have happened. Was the "CNET" site bogus?

FUNMOODS,,,,

Sheesh.

Well,,as I remember,,AdwCleaner found the majority of the funmoods items. I think maybe MBAM found some, or Avast,,can't remember which.

Back to square one?

I'm NOT using "Ultrasearch" again. Now I don't even know whether I should firstly dispose of Ultrasearch, or do a scan.

Great.

Now I'm noticing that under View/toolbars at the top of the FF window, "funmoods toolbar" is listed, but not checked. That's what I saw when I first saw the toolbar show up just five minutes ago. But the actual toolbar itself is now no longer visible. I didn't uncheck it. It was never checked. I don't know how it suddenly appeared, after installing Ultrasearch, and now I don't even see it anymore, except as one of the options in the little search window on the navigation toolbar, and as I said, the unchecked reference in View/toolbars.

I thought we were out of the woods. What happened?

I'm about to say screw it and just do a re-install of XP, sadly.



#65
December 2, 2012 at 07:30:02
Wow,,

I just tried doing a search for "all files and folders modified on 12/2/2012", in order to try to find out what events happened when,,and the computer froze when I hit the "search" button.

So, I reboot, go back into Firefox, and see that the funmoods toolbar is still there, staring me in the face. So then I remember that once, I found that it was an "add-on" in FF, so just now I looked in the FF Tools/add-ons menu, and there it is,,funmoods toolbar, under "extensions". I saw the choices,,"options/disable/remove", and I chose "remove". So now it's not listed in the "Tools/add-ons/extensions" area, but it still came up when I was prompted to restart FF after "removing" it. I don't see it anymore in "View/toolbars", however, and it seems to go away (the toolbar itself) when I navigate to this site. It was there before, but not now.

Amazing. But I bet if I reboot/restart FF, it's still there..

I feel like I'm stuck in quicksand, and the more I struggle, the deeper I go.



#66
December 2, 2012 at 07:40:08
Okay,,so I restart FF, and funmoods loads its silly toolbar in my face again.

I'd like to show the creator of this bogus piece of software a "funmood",,,,


and then, as before, when I navigate to computing.net, it's gone.

I think that's because it's not only a toolbar, but a search engine, and the toolbar only shows up when the search engine is called on. But the funny thing is, I didn't have funmoods chosen as the search preference, but rather, Startpage. I just started using Startpage when I decided to dump Google, around a few months back, when Google changed their security policy, informing us that it's in "our best interest" that they find out things about us, and then force-feed us what "they think" we're "really looking for".

It's like a "nanny state", where they try to take you out of the equation, when it comes to deciding things for yourself.

I'm pretty messed up right now, discouraged.

If I were on my own, at the moment, I'd be abandoning the past, launching forth into a new age, with a fresh install,,,

The only reason I'm still here is to give you another opportunity to redeem yourself,,haha.



#67
December 2, 2012 at 07:45:06
Okay,,I just found "funmoods" listed as the FF homepage. How that happened, I can't imagine. I didn't do it.

They should advertise this piece of ****, "Funmoods,,It's really no fun at all".

I switched the homepage back to the Mozilla default.

But what's puzzling is that "funmoods" is no longer listed as an "add-on", nor is it in the "View/toolbars" area. But I just found it, still in the drop-down list of search options. I right-clicked it and removed it there.

But you and I know,,if it was in all those places,,it's still infecting the computer,

My first instinct, short of a fresh install of XP, is to run AdwCleaner again, and MBAM, and Avast, and,,,,,I guess,,the whole gamut of programs we just went through,,again.

Un-believeable.
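
Posts #64 to #67 describe the toolbar's settings (homepage, search list, add-on entries) outliving the removal of the extension itself; those settings live in the Firefox profile's prefs.js, which can be audited directly. The following Python is an added example, not part of the thread or of any tool mentioned in it: the preference names are assumed to be the ones Firefox of that era used, and the sample file contents, the `funmoods.example` host and the `extensions.funmoods.hmpg` key are constructed.

```python
import json
import re

# One prefs.js entry looks like: user_pref("name", value);
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.+?)\s*\)\s*;\s*$'
)

# Constructed sample of a prefs.js after a bundled installer has run.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://start.funmoods.example/?f=1");
user_pref("browser.search.selectedEngine", "Startpage");
user_pref("extensions.funmoods.hmpg", true);
user_pref("keyword.URL", "http://start.funmoods.example/results.php?q=");
user_pref("browser.startup.page", 1);
'''

# What the user expects these settings to be (assumed values for this example).
BASELINE = {
    "browser.startup.homepage": "about:home",
    "browser.search.selectedEngine": "Startpage",
}


def parse_prefs(text):
    """Return {pref name: value} for every user_pref() line in the text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = match.group(1), match.group(2)
        try:
            # Quoted strings, integers and true/false are all valid JSON.
            value = json.loads(raw)
        except ValueError:
            value = raw  # keep unparsed text rather than dropping the entry
        prefs[name] = value
    return prefs


def audit_prefs(prefs, baseline, watch_terms):
    """List prefs that differ from the baseline or mention a watched term.

    Returns (name, reasons, value) tuples sorted by pref name.
    """
    terms = [t.lower() for t in watch_terms]
    findings = []
    for name, value in sorted(prefs.items()):
        reasons = []
        if name in baseline and value != baseline[name]:
            reasons.append("differs from baseline")
        haystack = (name + " " + str(value)).lower()
        if any(term in haystack for term in terms):
            reasons.append("mentions watch term")
        if reasons:
            findings.append((name, reasons, value))
    return findings


if __name__ == "__main__":
    for name, reasons, value in audit_prefs(
        parse_prefs(SAMPLE_PREFS), BASELINE, ["funmoods"]
    ):
        print(f"{name} = {value!r}  [{', '.join(reasons)}]")
```

To use it on a real profile, read prefs.js with Firefox closed and pass its text to `parse_prefs`; the file is rewritten when the browser exits.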



#68
December 2, 2012 at 07:52:54
Are you emptying the recycle bin in between?


#69
December 2, 2012 at 10:26:08
I make it a fairly frequent point to empty it, but haven't been doing it religiously. Should I be?

I'd say "most of the time", whenever I see something peeking out the top of the trash can icon, I empty it.



#70
December 2, 2012 at 10:59:49
"whenever I see something peeking out the top of the trash can icon, I empty it"

In general that sounds reasonable enough to me. Whether it is one little file or 1000 large ones it will still show the exact same icon until it is emptied.

As part of this exercise it might be sensible to empty it more religiously, although I doubt many viral files would re-activate from the recycle bin.

Always pop back and let us know the outcome - thanks



#71
December 2, 2012 at 12:27:09
To be fair to JohnW, when I downloaded Ultrasearch, at his suggestion, I did not use any of the sites he recommended. Instead of bothering to scroll up for that post, I simply Googled "Ultrasearch", and took the site that had "CNET" in the address, because up until now I've always thought CNET to be an authority in the computer world. And even so, though I did find Funmoods had returned RIGHT AFTER INSTALLING ULTRASEARCH, there's no proof that it was due to a fault in the installation or any of the files concerning Ultrasearch. I simply suspect it, since it happened so quickly, directly afterward, and also I suspect CNET's "secure download" software might have been infected. How probable that is, I do not know.


#72
December 2, 2012 at 13:22:20
I run Ccleaner Slim daily. Cleans up the cookies and recycle bin. Not sure if it works with W2k. You can get it at the link below. Just checked, it does support W2k. Excellent free utility. The registry cleaner is also safe to use.

http://www.piriform.com/ccleaner/bu...



#73
December 2, 2012 at 13:31:41
I actually haven't "used" W2K in a long while. It's just sitting in a partition, reminding me of days gone by,,

So, in that sense, I suppose my nym here is misleading. At the time I joined, however, I hadn't yet begun my dual boot adventure, so I WAS actually using W2K exclusively.

But thanks for the facts. I'm very fond of CCleaner.

But having things on your computer that you're "fond of", but rarely use, is somewhat,,erm,,"useless", I suppose.

One thing I'm going to do after this present fiasco, is try as much as I can to get on top of the ongoing fight against malware, both personally, and as a mass propaganda tool in order to overturn the present administration. I'm going to start calling anything that appears out of nowhere, subtly takes power, hiding behind a seemingly benign appearance, starts using up available resources so fast that it seems to drag down both the performance and speed of recovery of my computer, "Obamaware".



#74
December 2, 2012 at 13:57:58
I think, firstly, I'll take the dang thing apart, like I was going to do, at Derek's prompt, blow it out, unplug and replug things, etc. Maybe I'll even change the CMOS battery while I'm at it. I might even stop by Fry's and buy a few new data cables for the drives.

Also, I periodically keep hearing "these noises" when something is seemingly being accessed (remember, I'm sitting here with my tower right in front of me, side removed, staring at the innards,,). Not frequently, but at least once per boot, something is sounding like a large mosquito zipping by my head rapidly a couple of times, and then, accompanying that sound, right afterward, is something lower-pitched, more like a couple of subtle "clunks". I may have been hearing these before, but I can't say for sure. It sounds like something that is programmed to happen, rather than something happening accidentally, like a hard-drive failure, randomly making noise. I'd almost be willing to believe that it's someone or something remotely affecting my computer. But I can't be sure at this time. But it could also just be the computer accessing the secondary drive while booting. I don't know.

I've already used Seatools diagnostics to determine that both drives are healthy. At least they both "passed" the long test.

Regarding this, I'm in a LAN with my son downstairs, who almost BOASTS about never using virus protection, or updating Windows. He makes a point of being a rather "carefree" type of guy, free of "unfounded fear". (I think he's just reacting to his mom and dad's tendency toward paranoia, and,,well,,"unfounded fear".)

I've found, at times, something like 40 Windows updates that hadn't been done, on his computer. But I don't like to legislate behavior, so I just let it go. He's 25, and an adult. He's also an accomplished classical guitar student, having graduated "magna cum laude" and presently pursuing his Master's degree in music, so I give him credit, and space.

But if something on his computer is affecting or trying to access mine,,

Maybe I need something like "ZoneAlarm", eh?

One thing I'm learning here is that the performance hits that a computer suffers when infected aren't always readily apparent, but often subtle, and gradual, "stealthy", you might say.



#75
December 2, 2012 at 14:16:56
Refer back to #3 above. I would go a step further and encourage you to BLOW the case out without any dismantling. You can't really do a good job any other way. The power supply gets really dusty inside and you shouldn't open those up. Disconnect the tower and move it to an area where dust isn't going to be an issue. Garage/ basement/ outside. Just remove the one side cover. You can reach everything from there. Blow the PSU out from both ends.

Whatever you do, do not use a vacuum cleaner on your computer.



#76
December 2, 2012 at 14:30:23
When "blowing out" the computer, I'll usually take it out to the back porch, sit it on the metal picnic table, and bring out my brushes, air cans, and the vacuum. I'll only use the vacuum mostly to create an air flow, in order to suck up the dust I disturb with the brush. I "discharge" first by touching the case, both me and the brush.

Then, or maybe even before the brushing, I'll turn the vacuum into a blower, (It's a Kirby), and gently blow out whatever there is in the way of loose dust. The brush comes into play mostly to loosen dust that isn't co-operating with the blowing (such as inside a fan casing).

I'm careful not to touch anything directly with the plastic of the vacuum hose, since there could conceivably be a build-up of static charges on the plastic, due to air movement.



#77
December 2, 2012 at 14:37:14
Just now, I noticed that sound again,,I think I was looking at email,,it was definitely two "mosquito fly-bys in rapid succession" and a couple of "crickets responding". I'll get a dowel and try to define which drive the sounds are coming from.


#78
December 2, 2012 at 14:46:33
A few general observations, in addition to my very first response.

You said it once froze when shutting down. Not unheard of with XP and in my case I got hold of UPH Clean (for 32 bit XP only, from MS) and never looked back. Here:
http://www.microsoft.com/en-gb/down...
It is a good thing to have on-board and will do no harm, but I doubt it would help your other issues.

When you say you hear activity, there are several quite normal possibilities:
There are idle tasks (cleanups) that Windows will perform when the computer is on but not being used. Your virus checker will update from time to time and of course there are Windows updates. It might be worth looking in Scheduled tasks to see if there is something set there and if so whether you want it.

When you get freezing in normal Windows but not safe mode it can be a driver issue. Nice and easy to say but not so easy to track down which one. There is Windows debug but it is a fairly convoluted procedure and you have to "catch" the error when it happens.

I assume there was nothing in Device Manager (as per my #19). In the same response I mentioned use of msconfig. Fine, but again it can be convoluted with intermittent symptoms because the machine can always decide to behave for a long while without you doing anything at all.

IRQ clashing is another possibility but I have to say I've not seen much of this since the old W98 days. You could always move your graphics card into another slot (yes, rather crude and hopeful but easy to do), that's if you are not using on-board graphics.

Sharing your LAN with a possible infected computer doesn't usually cause cross infection. Sharing flash drives is more likely.

Look in Events for errors. You are sure to see some (unless you have worked on them in the past). Just the same, sometimes what is reported might give you a clue.

Lastly (for now) type sfc /scannow in the Run box, hit the Enter key then let it run through. That will replace any corrupted system files or ones which are the wrong version.

It's a long post so excuse me if I've repeated something already said.
Err.. go for the easiest things first...

Always pop back and let us know the outcome - thanks



#79
December 2, 2012 at 15:08:11
A household vacuum constantly builds up a static charge in the hose because of the friction of the rapid air flow. You shouldn't use a vacuum at all. You can clean up AFTER you are done.

Your problems with this computer started after you plugged in a USB drive internally. Good possibility you may have weakened a component due to static discharge.



#80
December 2, 2012 at 15:13:53
Yes, the USB "seemed" to start it all. Possibilities include something nearby getting disturbed in the process. Edge connectors maybe?

Always pop back and let us know the outcome - thanks



#81
December 2, 2012 at 15:16:52
Thanks for that, Derek.

I don't think it's a "scheduled task" that is causing the sounds, because it's over in, say, 5 seconds tops. All of those schedule updates and such usually take several minutes (on this computer).

I think it did freeze once in safe mode, when I tried running SIW while there, to look at my memory sticks and their timing. I do notice that the timing seems different on one stick than on the other. Memory scans always seem to pass, but there might be some kind of incompatibility or fault with one of the chips, that only shows up every so often.

Device Mgr seemed clean, but as you said, it doesn't always show when you want it to.

That sound just happened again,,this time more than "two fly-bys", more like six or so. and those "clunks". I tried getting a peek at task manager while the sounds were happening, to see if something was active just then, but was too late. Maybe next time.

My son and I HAVE shared flash drives, usually to view a downloaded movie. But I've scanned those drives and found nothing amiss. But it only has to happen once,,

I don't know where "Events" is, to look at.

I'll do the sfc thing.

Don't talk to me about "long posts". I'm the king of long posts,,haha. I don't mind reading, at all. Thanks.



#82
December 2, 2012 at 15:20:05
There are various ways provided to get to Events, but a quick way is just to put eventvwr.msc in the Run box. Ignore the Internet Explorer section - it is always empty but I won't bore you with why LOL.

Always pop back and let us know the outcome - thanks



#83
December 2, 2012 at 15:23:30
Plus, the internal port for the USB card is located kind of in the middle of the case, where all there are are loose data cables and power wires hanging around. At worst, my hand could have brushed a cable while removing or installing the thumb drive, but I'm relatively chargeless,,,hehe,,

I'm certain that I didn't jostle anything enough to disturb the edge connectors, but it's a thought. I'm pretty careful with sticking my hands into the box. I was an electrician for 25 years before I retired.

(I'm starting to sound like my wife. She lets go with a tremendous sneeze, spraying the room, deafening all around, and then declares "It's okay,,I don't have any germs",,)



#84
December 2, 2012 at 15:33:01
Derek,,interesting read, the eventvwr. I'm liking it. Not sure how to best use it yet, but it's there. I see places where it says "application hang", etc.

It reminded me that for quite a while, every time Windows does an automatic Windows update, I find my computer frozen with a black screen, from a seemingly incomplete reboot. I just figured it wasn't anything serious, and simply rebooted again, which was always successful. But why it freezes in restart with an auto-update I can't say.

It seems as if, along with all the other events listed, periodically the "security center" is being accessed for some reason, like clockwork.



#85
December 2, 2012 at 15:47:51
I'm curious as to why, and how soon I need to be removing Combofix and its associated files. Is something vulnerable, or being damaged, the longer it remains?


#86
December 2, 2012 at 15:50:25
Refer my post #7
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom.

"Next,,the unimaginable happened"
You have gone into blame mode straight away.
Dumb, stupid, ignorant, pompous, how can one not recognize that someone helping is giving good advice & not say to themselves, what am I doing wrong.

"I guess,,the whole gamut of programs we just went through,,again."
Correct.

"How probable that is, I do not know"
Open your eyes.

"Googled "Ultrasearch", and took the site that had "CNET" in the address"
I uninstalled my copy of UltraSearch, downloaded the CNET version. This is what it loads, they probably do this to all their FREE programs.
http://i.imgur.com/hJ660.gif
Reinstalled UltraSearch from my source. This is what it loads.
http://i.imgur.com/AMFXC.gif
http://i.imgur.com/Vta9O.gif
http://i.imgur.com/JUwLt.gif
http://i.imgur.com/SJk3Q.gif
http://i.imgur.com/4pudl.gif

"I'm about to say screw it and just do a re-install of XP, sadly"
And make the same mistakes again.

If you still want me to help, work your way through to my post #59. Don't rush/skim or skip.
Make sure you have Show hidden files and folders available.
To access: Control Panel > Folder Options or My Computer or Windows Explorer > Tools > Folder Options,
tick/check > Show hidden files and folders.
If the Minidump file is not available, look for the > MEMORY.DMP file. If neither are available, let me know.

"The "dump file". I've not heard that term. Is the "dump file" you request the same as the "Minidump file" you referred to? Is this a function of Windows? or did Combofix create it?"
xp minidump
http://is.gd/4pDQkX
xp memory.dmp file
http://is.gd/ae470G



#87
December 2, 2012 at 15:50:50
Re #84

I believe we might not know all the things that Windows gets up to cause brief periods of activity. Performance monitoring could be one thing or even some paging going on.

I'll own up to having a "bee in my bonnet" about edge connectors. It goes like this:
The contact area on each segment is very small. After a long period oxide can form around each contact which only makes the edge connector look a tad dull. In we go to do a clean up and something only has to move an imperceptible amount for the contact to move to the area with oxide. It's not just theory either. Many weird problems have vanished for good after I've used my pencil eraser. That goes for SATA HD power connectors too - which can often be quite flimsy.

Are you using Microsoft Security Essentials by any chance? That keeps a good check on Security Center. Probably other AV's do too, making periodic checks to ensure nothing has been compromised.

You can often get a handle on the reason for event errors - click them and see the link to MS. Sometimes what you get is useful, other times worthless - then there is Google (using event error numbers). Warning, this can almost become a hobby and take up lots of time. At this point best concentrate on those that you think could be most related to your particular issue.

Always pop back and let us know the outcome - thanks



#88
December 2, 2012 at 15:52:36
"I'm curious as to why, and how soon I need to be removing Combofix and its associated files. Is something vulnerable, or being damaged, the longer it remains?"

Combofix updates daily; before running it again, you must uninstall the old version.



#89
December 2, 2012 at 16:07:40
Win2000user Re #86

If you want to ensure your computer is quite free of any virus then you are best to run with Johnw. I'm very happy to hang fire on the more general ideas because it is far best to concentrate on one thing at a time - virus cleaning is complex enough without any other distractions. We can always come back to the more general ideas later, that's assuming there proves to be any need to do so.

Always pop back and let us know the outcome - thanks



#90
December 2, 2012 at 16:19:37
"I'm very happy to hang fire on the more general ideas"
Thanks Derek, if I get a dump/dmp file, that will usually tell us what the problem is. Event errors like you say, can be daunting, better than nothing.


#91
December 2, 2012 at 16:23:00
✔ Best Answer
That's fine - hope you catch this monkey.

Always pop back and let us know the outcome - thanks



#92
December 2, 2012 at 16:50:28
Hmm,,looks like I've been "86'd",,haha (referring to the scolding in post #86).

John,,when I ran the install on Ultrasearch, from the CNET site, I never saw that message, about "Funmoods" being installed. Several of the windows I had to go through during the install were BLANK, and I just had to click "next step", assuming it was nothing harmful, but only something like a choice of where to install the program, or some other innocuous matter.

Maybe the window contents don't show unless you're using a specific browser (IE). I'm using Firefox.

I don't consider myself "dumb, stupid, ignorant, pompous" to be cautious with those whom I have only just met. I don't know you, nor you me. Maybe you are assuming things about me as well. I didn't "blame", so much as throw my hands in the air in frustration. I didn't immediately suspect that you were "to blame". I was simply frustrated with the fact that I downloaded something, from a seemingly safe site, and re-infected myself. That's why I explained, later, that it wasn't blameable to you, but to my hasty decision to avoid scrolling back to find the exact sites you suggested. I have always assumed CNET to be an authoritative and safe source, but no longer. Sneaky b---tards,,

Also, realize that one cannot, upon first inspection, or first contact, assume that anyone is giving them "good advice". How does one assess that in such a short time? I'm just struggling to get through the gamut of software fixes without messing something else up in the process, due to unfamiliarity. Give me a break. And don't make the mistake of thinking so highly of yourself that you feel you're beyond suspicion, cautious vetting, limited approval. None of us, on first contact, are worthy of that kind of "blank check" approval. You have to go through the process of "introductory social adjustment", when meeting someone new.

Or, you can just assume me "ignorant, pompous, stupid, dumb." Whatever floats your boat.

Should I assume, just because you dwell here, on a computer help site, that you are entirely competent, and never lacking? Don't you think that's a bit much?

Of course I still want your help, and appreciate it. That's the consensus here as well (re:#89). Unless, of course, you don't feel comfortable helping me, due to my forthrightness or any particular peculiarity. I might offend some with my lengthy tomes. I'm just trying to be clear, and not leave anything out.

Derek:

Thanks for your help and suggestions. I don't use MSE,,yet. John is trying to convince me to, however, after uninstalling Avast, which he suspects of being "buggy". Well,,I'm old enough to be driving a "buggy",,haha. But I'm not in love with Avast. It's just been my standby virus scan for a couple of years now, and has seemingly always served me well.. But I don't know. I'm still going to put my trust in John's skills and go with his suggestion. Life's an adventure. I suppose I'm somewhat under the influence of the "anti-MS crowd", who tend to think that anything "Microsoft" is vulnerable, and more so than other programs. That's probably too general a statement, and untrue to some extent.

I also know what corrosion, or oxidation can do, having dealt with it as an electrician. I always tell people,,"The weak point is in the connections, due to potential corrosion." and "Most electrical problems are primarily mechanical problems, where the connections are faulty, due to build up of oxidation, and require cleaning, scraping, and various substances to fend off the inevitable. A junction that is corroded, or soldered poorly only gets worse, through heating, arcing, burning, etc."

But you're right,,no sense in getting side-tracked while going through the disinfection process.



#93
December 2, 2012 at 17:25:19
"Solved"?

Did I do that, by my choice of "best post"?



#94
December 2, 2012 at 17:35:21
Hmm...looks like the heavy activity on this one is taking its toll all round. Hope to see further progress, particularly in ensuring that the computer can be deemed free of viruses etc., with Johnw's help.

Well, yes, Best Answer does mark it as Solved but that doesn't have to stop any further activity and it can even be shifted these days, so I believe.

EDIT:
I'm off to bed now (1.45am looming here in the UK - Yeah, I'm a night owl). Bash on with what you have and we'll see what gives tomorrow. I think OtheHill is monitoring this one so he might have an input in the meantime too.

Always pop back and let us know the outcome - thanks



#95
December 2, 2012 at 17:45:24
W2000user
"I'm using Firefox"
Ditto.

"but to my hasty decision to avoid scrolling back"
An easier way is to use Ctrl + F & just put part of what you are looking for, in the Find box.

"Of course I still want your help, and appreciate it"
No problem with me, just waiting as per previous post.



#96
December 2, 2012 at 18:19:34
"from the CNET site, I never saw that message, about "Funmoods" being installed"

I always download files onto my desktop & then install from there. That way I can see what is being installed.

Is that the way, you do it?

That's the only thing I can think of, that would be different between your install & mine.



#97
December 2, 2012 at 20:36:58
I did direct most or all of the other downloads to the desktop, since I saw that specific instruction. This one, I think I ran from "MyDocuments/Downloads",,I didn't know that it made a difference, unless specifically stated.

It was very puzzling, getting three or four installation windows in a row with nothing in them except blank space, prompting for "Next". So, I went with it, blindly forging forward in space and time, in pursuit of excellence, I was.

So you're telling me that because I ran the install file from my Downloads folder instead of the Desktop that it didn't display content inside the install windows?

Is the order you're shuffling the proggies to me pertinent? I'm assuming you didn't just pick the order by happenstance.

In which case, having printed out all your posts, I could just follow the same order again, repeating things. I'm never sure just how deliberate to be in following directions, whether, for instance, it matters if I uninstall Avast now, and install MSE now, or do that later. Or whether I should uninstall Combofix now,,etc. etc.

I suppose I need to uninstall Combofix before running it again, due to the daily update you mentioned.

And then we still need to take care of the RK issues.

So where do I begin? with post #7, or somewhere in the middle of post #57?



#98
December 2, 2012 at 21:06:42
I think my relatively independent behavior in following stems from a combination of things:

Firstly, I've always been under the impression that people who offer help don't do it to create a dependency ("give a man a fish,,,"), but rather, offer guidelines that cause one to learn to do things on one's own eventually ("teach a man to fish,,"), after they get the hang of it. That's my goal actually, to gain mastery of this field, so that I can also help others. Most of what I did as an electrician was change lamps in lighting fixtures and fix existing installations that weren't working, not a very challenging activity, but it put food on the table. I was the sole "lighting electrician" for the City of Huntington Beach ("Surf City"). So now, in retirement, I hope I can learn more than I presently know. It's my thing.

But since you ask that I follow more closely, I'll do so, to the best of my ability.



#99
December 2, 2012 at 21:20:08
"And then we still need to take care of the RK issues"
I originally did that order on purpose, but let's start with RK & then give me the SS's so I can sort things out.

Then run the programs that fixed problems.
1: Run AdwCleaner
2: Run ESET
4: Run ComboFix

If still having problems after all of the above, test if Avast is a problem by uninstalling & turning the Internet off during the test.

Don't like to say much more, because I'm doing it from memory & probably will miss something.

The dump/dmp files will be needed, if the comp still freezes after the Avast test.



#100
December 2, 2012 at 21:25:06
"So you're telling me that because I ran the install file from my Downloads folder instead of the Desktop that it didn't display content inside the install windows?"

That's my guess, try it.



#101
December 2, 2012 at 22:04:01
Okay,,I'll follow post #99 first.

I'll "try" post #100 when I get a chance. I still have Ultrasearch installed at the moment, and it seems able to run without re-installing Funmoods. But since I'm not using it yet, it seems maybe I should just uninstall it, and do the trial install from the desktop sometime later. But knowing how many ways there are to uninstall things, some more efficient than the other,,I'm not entirely sure which way to use. Or is it one of those programs that doesn't "install", but only runs when called on manually?

Okay, I see it in "Programs", and it has its own uninstaller. Does that mean it should be used, instead of "Add/Remove Programs"? I've never quite been clear about that, since it doesn't seem consistent, from one program to the next. Sometimes, for instance, even though things can be uninstalled through either method, there are independent, program specific uninstallers out there to get rid of all the artifacts/relics, whatever.

If I were to do it without help, I'd probably opt for the uninstaller found in Programs. What would you do? Or should I just leave it and worry about it later, after I do all the stuff in #99?


Report •

#102
December 2, 2012 at 22:35:11
Okay,,firstly, the RK report:

RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Bobby Boombatz [Admin rights]
Mode : Scan -- Date : 12/02/2012 22:24:49

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\69617853 (E:\WINDOWS\system32\drivers\26924203.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\69617853 (E:\WINDOWS\system32\drivers\26924203.sys) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> C:\Documents and Settings\Default User\NTUSER.DAT
-> C:\Documents and Settings\All Users\NTUSER.DAT
-> C:\Documents and Settings\Robert Laughlin\NTUSER.DAT
-> C:\Documents and Settings\Robert Laughlin.DMLCOMPUTERS2\NTUSER.DAT
-> C:\Documents and Settings\test\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> E:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6Y060L0 +++++
--- User ---
[MBR] fbdc6509cc54dc40903facee25de07cf
[BSP] 41030222aa1a9e2509c12f52886e0d37 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 20002 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 40965750 | Size: 38632 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3160023A +++++
--- User ---
[MBR] 731a234a95cc259acc22092f1ab1c0d0
[BSP] 7146848f8e13b0b0000ed06b55c04dcc : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 151997 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_S_12022012_02d2224.txt >>
RKreport[1]_S_12012012_02d1748.txt ; RKreport[2]_S_12022012_02d2224.txt


Report •
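The registry section of the RogueKiller report in post #102, parsed as an added example (not part of any poster's message and not RogueKiller's own code): it collapses the per-ControlSet duplicates into one service entry and separates service/driver findings from single-value settings. The all-digit-name check is a triage heuristic assumed for this example, and the tag names are carried through without interpretation.

```python
import ntpath
import re
from collections import OrderedDict

# Registry-section lines copied from the RogueKiller report in post #102.
REPORT_LINES = r"""
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\69617853 (E:\WINDOWS\system32\drivers\26924203.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\69617853 (E:\WINDOWS\system32\drivers\26924203.sys) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

LINE_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+"   # one or more leading [TAG] groups
    r"(?P<key>\S+)"                     # registry key (the report elides part as [...])
    r"(?:\s+:\s+(?P<value>\S+))?"       # optional " : ValueName"
    r"\s+\((?P<data>.*)\)"              # "(data)": a file path or a number
    r"\s+->\s+(?P<status>\w+)$"         # scan result, e.g. FOUND
)

# A key that ends in ...\<control set>\Services\<name> describes a service/driver.
SERVICE_RE = re.compile(
    r"\\(?P<cs>ControlSet\d+|CurrentControlSet)\\Services\\(?P<name>[^\\]+)$"
)


def parse_line(line):
    """Return a dict for one registry finding, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["tags"] = re.findall(r"\[([^\]]+)\]", entry["tags"])
    return entry


def looks_generated(service_name, image_path):
    """Heuristic (an assumption of this example): service name and driver
    file name are both purely numeric, so neither names a product."""
    stem = ntpath.splitext(ntpath.basename(image_path))[0]
    return service_name.isdigit() and stem.isdigit()


def triage(text):
    """Group findings into services (deduplicated across control sets)
    and plain registry settings."""
    services = OrderedDict()
    settings = []
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        svc = SERVICE_RE.search(entry["key"])
        if svc:
            rec = services.setdefault(svc.group("name"), {
                "control_sets": [],
                "image": entry["data"],
                "review_first": looks_generated(svc.group("name"), entry["data"]),
            })
            rec["control_sets"].append(svc.group("cs"))
        else:
            settings.append(entry)
    return services, settings


if __name__ == "__main__":
    services, settings = triage(REPORT_LINES)
    for name, rec in services.items():
        flag = "review first" if rec["review_first"] else "review"
        print(f"service {name}: {rec['image']} in {rec['control_sets']} [{flag}]")
    for s in settings:
        print(f"setting {s['value']} = {s['data']} ({'/'.join(s['tags'])})")
```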

#103
December 2, 2012 at 22:35:45
"What would you do?"
You can do it now.

Always more than 2 ways to do everything on a comp.

To really remove as much as possible from an uninstall, I use this.

Revo Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.revouninstaller.com/
Open Revo, double click on a program logo, click > Yes & then you get your options, with Advanced down the bottom.
If you have partially uninstalled your program, you get a message from Revo, that it can't find the uninstaller, hit Cancel & let Revo continue on, to search for the remnants.
If you get a reboot message, ignore it & do it after Revo has finished.
I use Advanced Mode. Screenshots of how to use.

http://i.imgur.com/Rkkna.gif
http://i.imgur.com/VonCA.gif
http://i.imgur.com/fGmmb.gif
http://i.imgur.com/pdhbV.gif
http://i.imgur.com/fIgy0.gif
http://i.imgur.com/tDH9Z.gif
http://i.imgur.com/DbfgN.gif
http://i.imgur.com/tDafK.gif
http://i.imgur.com/Bz5j9.gif
http://i.imgur.com/X5S5I.gif


Report •

#104
December 2, 2012 at 22:51:57
Now here's the screen shots of the process: {This may be redundant, since the "report" (which I seem to think I sent you once already) has the same information, just in text form, I think.}

Not knowing which format to send them in,,"BBCode" or "Linked BBCode", and having 4 shots, I'll have to post 8 links:

For Shot #1:

[IMG]http://i.imgur.com/GIaAZ.png[/IMG], or [URL=http://imgur.com/GIaAZ][IMG]http://i.imgur.com/GIaAZ.png[/IMG][/URL]

Shot #2:

[IMG]http://i.imgur.com/JxYoS.png[/IMG], or [URL=http://imgur.com/JxYoS][IMG]http://i.imgur.com/JxYoS.png[/IMG][/URL]

Shot #3:

[IMG]http://i.imgur.com/FzQTo.png[/IMG], or [URL=http://imgur.com/FzQTo][IMG]http://i.imgur.com/FzQTo.png[/IMG][/URL]

Shot # 4:

[IMG]http://i.imgur.com/keRBB.png[/IMG], or [URL=http://imgur.com/keRBB][IMG]http://i.imgur.com/keRBB.png[/IMG][/URL]

I don't know if you can read the text in the screen shot. I can't.

Tell me what to do if I did it wrong.

Notice I did not take SS's of the tabs with no content.


Report •

#105
December 2, 2012 at 23:13:24
So,,I dl'd Revo, ran it, and it froze just after I gave it the go-ahead on Ultrasearch, in advanced mode. Then, when I restarted, the computer wanted to do a disc check on drive C (the boot drive, which has W2K, and the XP boot. XP, the OS I use, is on drive "E".)

So, here I go again, trying the uninstall for the 2nd time,,


Report •

#106
December 2, 2012 at 23:18:41
"This may be redundant"
Correct, on more than one count, you did not have the issues in posts #46 & #48, which is why I wanted the SS's.

Shall get back to your other issues, soon as I can.


Report •

#107
December 2, 2012 at 23:20:27
"So, here I go again, trying the uninstall for the 2nd time,"
Try it in Safe mode if it doesn't work in Normal.

Report •

#108
December 2, 2012 at 23:23:32
Okay,,ran Revo, uninstalled Ultrasearch, and now I'll re-install, from one of your suggested sources, from the desktop.

Report •

#109
December 2, 2012 at 23:39:32
"I don't know if you can read the text in the screen shot. I can't"
I can.

Will now try to work out why you didn't send live links, like mine.


Report •

#110
December 2, 2012 at 23:48:17
Okay,,ran Ultrasearch (successful download) and found NO "Minidump", and NO "MEMORY.DMP". Either they exist on the C drive (FAT32), or I don't have them. At any rate, they're not on the drive with XP ("E").

Report •

#111
December 2, 2012 at 23:54:32
Ok shall address that soon.

Save me going through everything again, is w2000 on one hard drive & XP on another?


Report •

#112
December 2, 2012 at 23:56:35
If the folders are empty > Right click on My Computer and select Properties.
Then select Advanced system settings Tab on the left menu.
Under the Startup and Recovery section, click on Settings.
Make sure "Write an event to the system log" is checked and "Automatically Restart" is unchecked. In the drop down menu under "Write Debugging Information," select Small memory dump (128 KB) press OK and OK again.
Now next time the comp has a problem, get the EXACT error message off the screen & see if there is a .dmp file in the Minidump folder.
If it is still empty, repeat the process, but change > Small memory dump (128 KB) to > Kernel memory dump.

Report •
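The Startup and Recovery settings from post #112 are stored as values under the CrashControl registry key, so they can be verified from a saved `reg query` listing. The following is an added example, not part of any poster's message: the sample listing is constructed, and the `E:\WINDOWS` system root is taken from the RogueKiller report earlier in the thread.

```python
import re

# Constructed sample of the output of:
#   reg query HKLM\SYSTEM\CurrentControlSet\Control\CrashControl
# (values chosen to show a machine that would leave no dump files behind)
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl
    AutoReboot    REG_DWORD    0x1
    CrashDumpEnabled    REG_DWORD    0x0
    DumpFile    REG_EXPAND_SZ    %SystemRoot%\MEMORY.DMP
    LogEvent    REG_DWORD    0x1
    MinidumpDir    REG_EXPAND_SZ    %SystemRoot%\Minidump
"""

# Meaning of CrashDumpEnabled on Windows XP.
DUMP_TYPES = {
    0: "none",
    1: "complete memory dump",
    2: "kernel memory dump",
    3: "small memory dump",
}

VALUE_RE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_\w+)\s+(?P<data>.*\S)\s*$")


def parse_reg_query(text):
    """Turn `reg query` value lines into {name: data}; DWORDs become ints."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if not m:
            continue  # key header, banner or blank line
        data = m.group("data")
        if m.group("type") == "REG_DWORD":
            data = int(data, 16)
        values[m.group("name")] = data
    return values


def check_dump_settings(values):
    """Compare the values with what post #112 asks for; return the deviations."""
    findings = []
    if values.get("LogEvent") != 1:
        findings.append('"Write an event to the system log" is not checked')
    if values.get("AutoReboot") != 0:
        findings.append('"Automatically restart" is still checked')
    if values.get("CrashDumpEnabled", 0) == 0:
        findings.append("debugging information is set to (none): no dump is written")
    return findings


def dump_location(values, system_root=r"E:\WINDOWS"):
    """Where to look for the dump, given the configured dump type."""
    kind = values.get("CrashDumpEnabled", 0)
    if kind == 0:
        return None
    # Small dumps go to the Minidump folder, larger ones to a single file.
    raw = values.get("MinidumpDir" if kind == 3 else "DumpFile")
    if raw is None:
        return None
    # A function replacement keeps the backslashes in system_root literal.
    return re.sub(r"%SystemRoot%", lambda _: system_root, raw, flags=re.IGNORECASE)


if __name__ == "__main__":
    vals = parse_reg_query(SAMPLE)
    print("dump type:", DUMP_TYPES.get(vals.get("CrashDumpEnabled", 0)))
    for finding in check_dump_settings(vals):
        print("fix:", finding)
    print("look in:", dump_location(vals))
```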

#113
December 2, 2012 at 23:58:25
"Will now try to work out why you didn't send live links, like mine."

I don't know which ones those are. I was following the instructions of my son, who told me to use the "BBCode" links, for forums (as is stated). Here, I'll show you:

http://i.imgur.com/5HpeI.png

Is that the one? See the choices at the right? Which one do you use?


Report •

#114
December 2, 2012 at 23:59:27
"At any rate, they're not on the drive with XP ("E")."
Yep, that is the only drive I am interested in.

Report •

#115
December 3, 2012 at 00:02:03
Click on the third box/tab as per my SS to get live links.
http://i.imgur.com/TTVsl.gif

Report •

#116
December 3, 2012 at 00:05:24
"Save me going through everything again, is w2000 on one hard drive & XP on another?"

What's better for you, or rather, for this site,,this one:

http://i.imgur.com/qInD3.png

or this one:

http://imgur.com/qInD3

Okay, I see you answered that ^

Let me go open imgur again and check which one that is,,

Third box down is this one:

"HTML Image (websites & blogs)"

<img src="http://i.imgur.com/8BPgD.png" alt="" title="Hosted by imgur.com" />

right?

I like the look of the 1st one best, but then, it's not a true "screen grab", since it doesn't include some of the actual screen.


Report •

#117
December 3, 2012 at 00:17:56
"Click on the third box/tab as per my SS to get live links.
http://i.imgur.com/TTVsl.gif"

Okay,,I see now. I neglected to download "Image Uploader". I'll do that now.


Report •

#118
December 3, 2012 at 00:31:46
Okay,,how's this:

[url=http://i.imgur.com/3Vjek.gif][img]http://i.imgur.com/bVs1Z.jpg[/img][/url]

Also,,I just lost my bookmarks toolbar on FF. Hmmm,,how'd that happen,,and where's the menu,,hmm,,

I'm seeing "hide toolbars" when I right-click on the empty space at the top of the page (next to the tab that's open), it's unchecked, but the bookmark toolbar is missing,,hmmm,,

Looking for it,,

Also,,I noticed, just in the past few minutes, that my taskbar isn't coming up (it's on auto-hide) when I roll my cursor to the bottom of the page. I tried making it permanently on top, even unchecking and re-checking boxes,,etc., but no taskbar,,unless I minimize the open window.

And what's "lock the taskbar" do?

Seems like things are screwing up, when I can't get to my taskbar, or my bookmarks.

going looking,,


Report •

#119
December 3, 2012 at 00:36:57
"[url=http://i.imgur.com/3Vjek.gif][img]http://i.imgur.com/bVs1Z.jpg[/img][/url] "
Nope, still not a live link.
http://i.imgur.com/PujnZ.gif

Report •

#120
December 3, 2012 at 00:39:54
"What's better for you, or rather, for this site,,this one:
http://i.imgur.com/qInD3.png
or this one:
http://imgur.com/qInD3"

Both good for me, cleared my head.


Report •

#121
December 3, 2012 at 00:49:42
"[url=http://i.imgur.com/3Vjek.gif][img]http://i.imgur.com/bVs1Z.jpg[/img][/url] "
Nope, still not a live link.
http://i.imgur.com/PujnZ.gif

Well,,that's what "Image Uploader" shuffled me. I must not have asked the right questions, or clicked the right buttons.

I got those other links right off the imgur site.

My son helped me find the "F11" key, which gave me back my bookmark bar. And now, I've also got the taskbar back,,took it off auto-hide (since it wasn't "un-hiding"). I don't know why, but even though "keep the taskbar on top of other windows" was checked, I wasn't seeing the taskbar on top of FF.


Report •

#122
December 3, 2012 at 00:53:21
And here's yet another issue.

When I open Computing.net, and try to log-in again, I often get this little annoying pop-up advertisement, right over the "Log-In" button, just as I'm moving the cursor over it. Then, if I click before it goes away, I get another site opening.

I thought I had pop-up protection through FF. I have that add-on "Adblock Plus".


Report •

#123
December 3, 2012 at 00:53:51
Might be time to do a reboot.

Report •

#124
December 3, 2012 at 00:57:53
After the reboot, do these.

Then run the programs that fixed problems.
1: Run AdwCleaner
2: Run ESET
4: Run ComboFix


Report •

#125
December 3, 2012 at 01:01:04
Okay,,I figured out "Image Uploader",,

http://i.imgur.com/8Bw1x.gif

("3rd tab", like you said. I thought you were referring to the third box from the list on the right, in imgur.)


Report •

#126
December 3, 2012 at 01:21:08
I still haven't uninstalled the present Combofix package.

I just rebooted. It froze while I was trying to show you something else, something about the startup tab in msconfig. While I was in there, earlier, I set the startups not to startup, except for Avast. Here's the screengrabs:

http://i.imgur.com/88eHC.gif

http://i.imgur.com/9lIzy.gif

I did that because I don't like all those things slowing down the boot.

However,,there are a couple of things on the list that I'm not sure if they need to be there,,

namely, "VTPreset", and "ctfmon", actually "jusched" as well. Do these need to startup? I think one of the messages I got recently was that my Java was not up to date. I have version 6, update 37. Ought I look for a newer version?

So, after disabling those from startup, I began, upon each reboot, to get this:

(wait for it, I have to reboot to get it back)

http://i.imgur.com/KFtaf.gif

and clicking OK, I get this:

http://i.imgur.com/gbHoa.gif

It seems to want me to click "normal setup", otherwise, if I just click "okay", I get ushered into another reboot, where I am confronted with the same messages. The only way to keep that from happening is to click "cancel", in order to preserve my choice to suspend those proggies from being loaded in systray, lengthening the boot somewhat.



Report •

#127
December 3, 2012 at 01:35:57
So,,per your instruction, I'm re-running AdwCleaner, and ESET. I haven't yet uninstalled Combofix, as it looks to be tedious and extensive in scope, from your many links regarding its uninstallation. And I'm assuming you don't want me running Combofix unless it's fresh, right?

Report •

#128
December 3, 2012 at 01:49:42
Here's the AdwCleaner log:

# AdwCleaner v2.007 - Logfile created 12/03/2012 at 01:44:04
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Bobby Boombatz - JOSEPHINE
# Boot Mode : Normal
# Running from : E:\Documents and Settings\Bobby Boombatz\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : E:\Documents and Settings\Bobby Boombatz\Application Data\Mozilla\Firefox\Profiles\5kdb64vm.default\extensions\staged

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : E:\Documents and Settings\Bobby Boombatz\Application Data\Mozilla\Firefox\Profiles\5kdb64vm.default\prefs.js


*************************

AdwCleaner[R1].txt - [4197 octets] - [30/11/2012 00:26:11]
AdwCleaner[R2].txt - [4257 octets] - [30/11/2012 00:31:48]
AdwCleaner[R3].txt - [1078 octets] - [30/11/2012 00:41:47]
AdwCleaner[R4].txt - [21266 octets] - [02/12/2012 11:04:08]
AdwCleaner[S2].txt - [4411 octets] - [30/11/2012 00:32:24]
AdwCleaner[S3].txt - [21865 octets] - [02/12/2012 11:05:25]
AdwCleaner[S4].txt - [12442 octets] - [03/12/2012 01:44:04]

########## EOF - E:\AdwCleaner[S4].txt - [12503 octets] ##########


Report •

#129
December 3, 2012 at 01:54:05
"And I'm assuming you don't want me running Combofix unless it's fresh, right?"
Correct.

Report •

#130
December 3, 2012 at 02:00:00
Instead of MSconfig.

Use the program you like, but hardly use.

http://i.imgur.com/aDgJK.gif


Report •

#131
December 3, 2012 at 02:05:53
"namely, "VTPreset", and "ctfmon", actually "jusched" as well"

http://is.gd/QQcytF

http://is.gd/dCgYRX

http://is.gd/FPJSlt


Report •

#132
December 3, 2012 at 02:11:49
Your post #56 shows what needs updating, leave that job until we finish the removing of the baddies.

Java(TM) 6 Update 37
Java version out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 16.0.2 Firefox out of Date!


Report •

#133
December 3, 2012 at 02:53:41
Combofix uninstall.
Start > Run, Copy and Paste > ComboFix /uninstall and click OK.
Qoobox is a folder created by Combofix to quarantine any infected files.
How to uninstall combofix
http://www.bleepingcomputer.com/com...

Report •

#134
December 3, 2012 at 09:31:59
Okay,,back at it,,or at least until further duties require my absence.

Last night, before I went to bed, I started ESET scan, but it didn't make it through the scan without freezing.

So today I'm going to "create a ESET SysRescue CD or USB drive", and try again.

Should I do this before or after I disembowel Combofix?


Report •

#135
December 3, 2012 at 09:50:21
This is post #135 so forgive me if I cover something that was already addressed.

Have you tried to re-seat all your RAM and have you run memtest 86+ from a boot disk on the RAM?

I suggest you first run memtest86+ from a boot disk. Run all night to be sure all the memory addresses were checked at least once. No memory errors are acceptable.

If errors are found then try snapping each module in and out 4 or 5 times to burnish the contacts. Then rerun memtest overnight. If you still generate errors then pull all but the RAM in the first slot out and run the test again. Repeat with each module, one by one to find the defective RAM module. If more than one stick generates errors then try those sticks in different slots. Could be a bad slot.

If the RAM passes the first overnight test then I suggest you stop beating the horse and re-install WinXP. Run WinXP without all your programs installed to determine the stability of the bare OS. If all is good then add programs that you run a boot one by one to see if they are the problem. Eventually you will have the system back to full install of everything.


Report •

#136
December 3, 2012 at 10:10:10
Thanks OT. I'll try that, if everything else fails, or maybe even if it doesn't.

Whew. Long thread.


Report •

#137
December 3, 2012 at 12:24:25
" disembowel Combofix?"
Do it now.

" I started ESET scan, but it didn't make it through the scan without freezing"
Use Safe mode on anything that won't run.


Report •

#138
December 3, 2012 at 15:03:15
" disembowel Combofix?"
Do it now.

Don't know how to interpret that. Do what now? Uninstall Combofix, or make a CD/USB version of ESET and run it from that?

My sentence was,,"Should I do this before or after I disembowel Combofix?"

So, does the "Do it now" refer to what I was doing ["Should I do this (ESET scan from CD/USB),,

or does it refer to the two words you picked from that sentence ("disembowel Combofix")

at any rate, it's moot.

I already went ahead to uninstall Combofix. Now I'm preparing to make either USB sticks or CD's of both ESET and memtest86 (per OTH).

Sucks that I just tried ESET again, and yet again it froze mid-scan, at around 1:15. It had found one item so far, which it called "Win32/DownloadAdmin.E" (application), though I have no idea how that knowledge is going to help me if the program freezes before doing its cleanup.

So yeah,,it's back to the CD/USB plan, but in the mean time, I'll try safe mode.

Plus, I'm gonna also take this puppy out on the back porch and do some physical work on it, per Derek and OTH recommendation, see what happens.

One thing I would like to know:

Does ESET, once initialized, need an internet connection? Or, as I once did when using TrendMicro online scans, can I disconnect from the internet while scanning.

In fact, do ANY of these malware programs need to be connected to the internet, once having updated them with the latest databank?


Report •

#139
December 3, 2012 at 15:44:57
New plan of attack:

Just decided to firstly uninstall Avast, and install MSE, since, as JohnW said, Avast could be "buggy/corrupted".

I was just in safe mode, attempting yet another scan with ESET, and after I got the scan running, remembered that I had neglected to put Avast on standby during the scan, so I tried opening Avast, to disable real-time protection until reboot, and it froze the scan, the screen, the whole thing just froze up again, so I had to reboot. This time I was going to put Avast on hold, but thought maybe it was responsible ("buggy") for causing the freezes.

So I think I'll dump Avast, just for good measure, and download MSE, before I do another ESET scan.


Report •

#140
December 3, 2012 at 16:52:52
Uninstalled Avast, Installed MSE.

However, on installation, the computer froze again while MSE was doing a "1st scan" of the computer. I wrote down the info about what it was scanning when it froze.

but on reboot, the new MSE icon in the systray says I'm "protected".

But since it didn't get a chance to fully scan, I think I'll uninstall it and then install it again, both in safe mode, if that's possible.

But it may be that Avast wasn't "buggy" or causing the freezing after all?


Report •

#141
December 3, 2012 at 17:06:50
Have to say I've never found Avast or MSE to be particularly buggy - they all have their moments I guess.

Maybe best to leave MSE as is for now and check out some of the more general things that have been mentioned (assuming there are some left). Bedtime looms again....

Always pop back and let us know the outcome - thanks


Report •

#142
December 3, 2012 at 17:35:09
Well,,I liked Avast,,,but I'm always up for something new, in the name of learning.

And, as JohnW stated,,I can "always go back to Avast".

I just hope I'm not supporting a world-wide conspiracy to make Microsoft both omnipotent and omniscient,,oh,,and omnipresent as well.

Have a good sleep, Derek.


Report •

#143
December 3, 2012 at 17:39:38
So,,what I just accomplished:

I uninstalled Avast.

I installed MSE.

I uninstalled MSE.

I re-installed MSE (this time the scan finished uninterrupted,,yay)

I'm feeling sooo "protected", like I'm all snuggled up in a big, fuzzy blanket now.

Thanks JohnW, for saving me from the evil "Pirates of Avast". They had almost turned me to the dark side,,


Report •

#144
December 3, 2012 at 18:07:55
Hey kids,,

Guess what?

You know how, when you've had a computer for years, and kind of get to know it "intuitively", "instinctively", and, well,,"intimately". That's how I know that I think something has worked here. I think it's because I'm not hearing any of those "busy" sounds over on the hard drives now. I think this MSE is simply "cleaner" than what went before.

I may be blowin' smoke up my tookas, but I think this is an improvement.

But then, it could also just be the "new car smell". Time will tell.



#145
December 3, 2012 at 19:05:40
Probably would have been easier to re-install, LOL. Quicker too.


#146
December 3, 2012 at 20:51:38
Actually, I agree.

I did learn a lot through this experience, however. Some of it I'm still digesting.



#147
December 3, 2012 at 23:03:54
Been out for most of the day, be interesting to see how it goes.

Still worth running ESET & Combofix.



#148
December 4, 2012 at 01:34:23
I just tried running ESET, again, in normal mode, and it froze. I think I started it once or twice and had to stop the scan, because I forgot to disable the realtime anti-virus, and then I began to worry about being connected to the internet with no realtime antivirus protection, so I figured I should run the scan offline,,but then I realized that the scan has to initiate online, download some stuff, and then commence scanning.

Finally, I just disabled MSE in realtime, quickly got ESET started, and then, when it was through downloading updates and such, and began scanning, just unplugged from the network.

Still,,it froze again, at around an hour in.

It's done that almost every time I've run it in normal mode, except maybe that once, when I got the logs.

Then, I got it to work in safe mode, and it fixed a couple of things allegedly.

But I haven't run Combofix again yet. I'm afraid it would also freeze during a scan.

So, I have to get the CD or USB drive made with Combofix on it, and the same with ESET, I suppose.



#149
December 4, 2012 at 02:15:25
If you can get something happening with the dump/dmp file side of things, that will tell me where the problem is.


#150
December 4, 2012 at 06:13:21
Okay,,doing an "Ultrasearch" on drive "E" (XP) for ".dmp", we get the following 3 views of the same result:

http://i.imgur.com/OM76i.gif

http://i.imgur.com/7nyeN.gif

http://i.imgur.com/5tzUo.gif



#151
December 4, 2012 at 07:02:22
Just to add:

"I began to worry about being connected to the internet with no realtime antivirus".
Best be safe but if it is only brief while you get something from a known safe website you would have to be darned unlucky to cop something.

Unfortunate thing about this post is that we still don't really know whether it is a software or hardware issue. Let's hope the dump file proves something.

Always pop back and let us know the outcome - thanks



#152
December 4, 2012 at 07:24:42
I recommend you run the memtest86+ utility before expending any more energy on trying to fix Windows.



#153
December 4, 2012 at 11:36:23
"Okay,,doing an "Ultrasearch" on drive "E" (XP) for ".dmp", we get the following 3 views of the same result:"
Yep, nothing there.

Could I have a SS of your Startup and Recovery page please.

Right click on My Computer and select Properties.
Then select Advanced system settings Tab on the left menu.
Under the Startup and Recovery section, click on Settings.
http://screenshots.leeindy.com/syst...



#154
December 4, 2012 at 11:48:01
I'm prone to do what OTH is suggesting. I've had help from him before, here, on this site.

I'm a bit rusty at making boot discs. I just recently made an ISO CD for the first time, in order to boot into a Seatools diagnostic environment, to do some disc checking. It turned out quite simple and easy to do, but the devil is always in the details, so it takes me a "minute" to come up to speed every time I do something I've only done once or twice.

I do recall that, since my only copy of "Easy CD Creator" is on my W2K partition, and I hardly go there much anymore, because everything on it is OLD this and OLD that, out of date. (Old Java. Old Flash. Old Old Old. And try looking for things that run with W2K,,there's increasingly diminishing support,,you know the drill.),,I did have to go looking for a stand-alone burner proggie, and happened upon a free "isoburner" program that doesn't install, just runs. I forget the name of it, offhand. As I seem to recall, it was a man's name.

But at any rate, once I'm up and running today (just now getting up. sleep issues), I'm making it a priority,,after I take this puppy for a spin on the back porch, dusting and re-seating, I'm going looking for that software again, or something else, to create a couple or three boot discs (or USB drives maybe), one for Combofix, one for ESET scanner, and one for memtest86+ utility.

It still freezes,,though I think less than before, possibly.



#155
December 4, 2012 at 11:53:48
(I didn't mean to time that last post to seem as if I'm contradicting Johnw's suggestion in the previous post. I hadn't seen John's post yet when I posted it.)

So,,here I go,,an "SS" of my startup and recovery page. Wait for it,,

Could I have a SS of your Startup and Recovery page please.

Right click on My Computer and select Properties.
Then select Advanced system settings Tab on the left menu.
Under the Startup and Recovery section, click on Settings.

Here's the results:

http://i.imgur.com/twWUj.gif

http://i.imgur.com/RizJz.gif

http://i.imgur.com/hWVEY.gif



#156
December 4, 2012 at 12:16:02
Get memtest86+ from the link below. The program comes zipped. Unzip to a flash drive under WinXP.

http://www.memtest.org/#downiso



#157
December 4, 2012 at 12:30:21
"Here's the results"
Thanks, as far as I know, you have never done my post #112.


#158
December 4, 2012 at 12:56:09
Put > pagefile < into UltraSearch & give me a SS please.


#159
December 4, 2012 at 14:10:33
Johnw:

Here's post 112:

#112

Johnw December 2, 2012 at 23:56:35 Pacific

" If the folders are empty > Right click on My Computer and select Properties.
Then select Advanced system settings Tab on the left menu.
Under the Startup and Recovery section, click on Settings.
Make sure "Write an event to the system log" is checked and "Automatically Restart" is unchecked. In the drop down menu under "Write Debugging Information," select Small memory dump (128 KB) press OK and OK again.
Now next time the comp has a problem, get the EXACT error message off the screen & see if there is a .dmp file in the Minidump folder.
If it is still empty, repeat the process, but change > Small memory dump (128 KB) to > Kernel memory dump."

What "folders" are we talking about here? I mentioned one folder, the "Minidump" folder, the only one I found, not using "Ultrasearch", but manually, using Windows Explorer (because that folder exists on a FAT32 drive, which Ultrasearch does not search). That folder, whenever I check it, has always been "empty".

Is that the "folders" you are referring to? Should I still perform the details to your post?



#160
December 4, 2012 at 14:13:51
"Johnw December 4, 2012 at 12:56:09 Pacific

Put > pagefile < into UltraSearch & give me a SS please."

Here:

http://i.imgur.com/kNeE4.gif



#161
December 4, 2012 at 14:19:12
"Is that the "folders" you are referring to? Should I still perform the details to your post?"
Yes, yes.


#162
December 4, 2012 at 14:21:25
OtheHill December 4, 2012 at 12:16:02 Pacific

"Get memtest86+ from the link below. The program comes zipped. Unzip to a flash drive under WinXP.

http://www.memtest.org/#downiso"

Okay,,but which zipfile, the ISO, or the "binary"?

(I'm guessing the "ISO"?)

http://i.imgur.com/TZMGv.gif



#163
December 4, 2012 at 14:36:03
#161

Johnw December 4, 2012 at 14:19:12 Pacific

"Is that the "folders" you are referring to? Should I still perform the details to your post?"
Yes, yes.

Okay, okay.

But one detail raises a question:

Here's an excerpt from your request:

In the drop down menu under "Write Debugging Information," select Small memory dump (128 KB) press OK and OK again.

The request doesn't match what I'm seeing, in one small detail:

http://i.imgur.com/OSsFP.gif

As you can see, the drop down menu lists "Small memory dump (64 KB)", and there's no option for (128 KB). Should I still press OK? (The only other options are "Kernel Memory Dump", or "Complete Memory Dump".)



#164
December 4, 2012 at 14:52:19
Here is another excerpt.

If it is still empty, repeat the process, but change > Small memory dump (128 KB) to > Kernel memory dump."

The variation is probably due to a different version of Windows.

So to be really clear, you now proceed with > Kernel memory dump.



#165
December 4, 2012 at 14:53:08
3 SS's please.
Go to Control Panel > System > Advanced > Performance > Settings. SS > Visual Effects.
Go to Control Panel > System > Advanced > Performance > Settings > Advanced SS
Go to Control Panel > System > Advanced > Performance > Settings > Advanced > Change SS


#166
December 4, 2012 at 15:21:33
ISO in .zip format for USB stick.


#167
December 4, 2012 at 15:48:30
Thanks OTH,,got it, I think.

John:

#112

Johnw December 2, 2012 at 23:56:35 Pacific

If the folders are empty > Right click on My Computer and select Properties.
Then select Advanced system settings Tab on the left menu.
Under the Startup and Recovery section, click on Settings.
Make sure "Write an event to the system log" is checked and "Automatically Restart" is unchecked. In the drop down menu under "Write Debugging Information," select Small memory dump (128 KB) press OK and OK again.
Now next time the comp has a problem, get the EXACT error message off the screen & see if there is a .dmp file in the Minidump folder.
If it is still empty, repeat the process, but change > Small memory dump (128 KB) to > Kernel memory dump.


So,,the trouble with this is that I'm NOT getting any "error messages" "off the screen", because all the computer does is go into screen/mouse/keyboard freeze, no "messages". It just froze again, when I took a break to take a shower. No "message", just frozen, so I restarted.

And nothing in that "C:\WINNT\Minidump" folder.

Nada.

So,,anyway,,I'll go change "Small memory dump (64 KB)" to "Kernel memory dump", regardless.

Like this?

http://i.imgur.com/TFkE5.gif



#168
December 4, 2012 at 16:02:21
On to post 165,,

165
Johnw December 4, 2012 at 14:53:08 Pacific

3 SS's please.
Go to Control Panel > System > Advanced > Performance > Settings. SS > Visual Effects.
Go to Control Panel > System > Advanced > Performance > Settings > Advanced SS
Go to Control Panel > System > Advanced > Performance > Settings > Advanced > Change SS


http://i.imgur.com/DDH75.gif

http://i.imgur.com/iCg2m.gif

http://i.imgur.com/zozsg.gif

There y' go.

FYI, I backed out of the last window without ok'ing ("change"), hitting "cancel" on the way out. Was I supposed to "OK" my way out?



#169
December 4, 2012 at 16:06:32
And nothing in that "C:\WINNT\Minidump" folder.
That is your W2000 drive.


#170
December 4, 2012 at 16:08:44
http://i.imgur.com/zozsg.gif
That is your W2000 drive.


#171
December 4, 2012 at 16:11:44
OTH:

"ISO in .zip format for USB stick."

(see image)
http://i.imgur.com/gnVlD.gif



#172
December 4, 2012 at 16:17:32
Johnw:

And nothing in that "C:\WINNT\Minidump" folder.
"That is your W2000 drive."


That's obvious.

As I stated before,,that's the only place on the computer where there's a folder called "Minidump".

You asked for a "folder" called "Minidump", that was "empty". That's it.

There are no other "folders" that I am aware of that you could be referring to.

I'm very confused. Please clarify, give direction, instead of simply stating the obvious.



#173
December 4, 2012 at 16:18:54
I'll be back in ten minutes.


#174
December 4, 2012 at 16:26:39
"That's obvious"
This is one of the big disadvantages of partitioning, it gets unbelievably messy.

You now need to go back to my post #86 Refer xp minidump & xp memory.dmp file & do some reading to work out what to do, otherwise I shall be typing for hours.


Report •
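
The dump settings discussed in posts #112 through #174, as an added example that is not part of the original thread: a Python sketch that parses `reg query` output for the CrashControl key and works out which file or folder the running installation will write a dump to. The sample output and the `E:\WINDOWS` system root are constructed for illustration (the thread only says XP is on "E" and that `C:\WINNT` belongs to W2000); the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample of what
#   reg query HKLM\SYSTEM\CurrentControlSet\Control\CrashControl
# prints on an XP installation (values are illustrative, not from the thread).
SAMPLE_REG_OUTPUT = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl
    AutoReboot          REG_DWORD      0x0
    CrashDumpEnabled    REG_DWORD      0x2
    DumpFile            REG_EXPAND_SZ  %SystemRoot%\MEMORY.DMP
    LogEvent            REG_DWORD      0x1
    MinidumpDir         REG_EXPAND_SZ  %SystemRoot%\Minidump
    Overwrite           REG_DWORD      0x1
"""

# CrashDumpEnabled values behind the "Write debugging information" drop-down.
DUMP_TYPES = {
    0: "none",
    1: "complete memory dump",
    2: "kernel memory dump",
    3: "small memory dump",
}


def parse_reg_query(text):
    """Return {value_name: data} from reg query output; DWORDs become ints."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"^\s+(\S+)\s+(REG_\w+)\s+(.*\S)\s*$", line)
        if not m:
            continue  # banner, key name and blank lines
        name, kind, data = m.groups()
        values[name] = int(data, 16) if kind == "REG_DWORD" else data
    return values


def expand(path, env):
    """Expand %VAR% references case-insensitively, as Windows does."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).lower(), m.group(0)),
                  path)


def dump_plan(reg_text, system_root):
    """Describe what this installation writes on a stop error, and where.

    A dump is only produced when Windows bugchecks (stop screen); a hard
    hang with no stop error leaves no file whatever these settings say.
    Missing values fall back to the XP defaults (an assumption of this sketch).
    """
    v = parse_reg_query(reg_text)
    env = {"SystemRoot": system_root}
    mode = v.get("CrashDumpEnabled", 0)
    if mode == 3:
        target = expand(v.get("MinidumpDir", r"%SystemRoot%\Minidump"), env)
    elif mode in (1, 2):
        target = expand(v.get("DumpFile", r"%SystemRoot%\MEMORY.DMP"), env)
    else:
        target = None
    notes = []
    if mode == 0:
        notes.append("dump writing is disabled")
    if v.get("AutoReboot", 1):
        notes.append("AutoReboot is on: the stop screen will not stay up")
    if not v.get("LogEvent", 0):
        notes.append("LogEvent is off: no System log entry after a crash")
    return {"type": DUMP_TYPES.get(mode, "unknown (%d)" % mode),
            "target": target,
            "notes": notes}


def writes_under(checked_folder, plan):
    """True if the folder that was inspected is where the dump will land."""
    if plan["target"] is None:
        return False
    target = ntpath.normcase(ntpath.normpath(plan["target"]))
    folder = ntpath.normcase(ntpath.normpath(checked_folder))
    return target == folder or ntpath.dirname(target) == folder


if __name__ == "__main__":
    plan = dump_plan(SAMPLE_REG_OUTPUT, r"E:\WINDOWS")
    print(plan["type"], "->", plan["target"])
    for folder in (r"C:\WINNT\Minidump", r"E:\WINDOWS"):
        print(folder, "is the right place to look:", writes_under(folder, plan))
    for note in plan["notes"]:
        print("note:", note)
```
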

#175
December 4, 2012 at 16:32:46
I'll give it a try. Can't hurt to learn something,, = O


#176
December 4, 2012 at 16:40:09
I might mention,,I keep getting a little, square pop-up advertisement (not every time, either), when I go to log-in. It shows up, right when I'm moving my cursor over to the "Log-In" button, after putting in my nym and password. It often shows up as I'm moving down to input the password also. It's a sneaky little b---tard, and sometimes just as I'm about to click,,there it is,,underneath my cursor. I accidentally clicked on it once or twice, and got a webpage. It's very irritating. Is that something on your site, that produces revenue, or is it something on my end?

(And by the way, I've asked many such questions in the process of this interaction between us, without a response from anyone. So don't feel like "The Lone Ranger" if you aren't getting responses from me. I'm often getting the same from you. I have no idea whether at this point I should suddenly call you "arrogant", or "insensitive", or some other appropriate word, as you did with me, for having not seen the same things you were seeing.)



#177
December 4, 2012 at 16:45:05
Ads are how Computing.net pays the bills. There are ad blockers but I wouldn't recommend installing any at this time. Some of the more irritating ads will open if you simply pass the cursor over them.

Why don't you save your log-in information so you don't need to enter it each time. I haven't typed mine in a long time.

Some cleaners, like Ccleaner Slim will remove passwords if you don't exclude them.



#178
December 4, 2012 at 16:55:11
If there are outstanding unanswered questions then list them out. Sorry but this thread is far too long for anyone to go searching for them.

Maybe they were questions that had no obvious answer or possibly they got missed.
If they are heaped together we can at least try.

You mentioned pop-ups. I do believe there might be some on this forum because I have seen mention of them from time to time. I don't see them because I've taken steps to get shot of most of those sort of things on any website. I doubt they are anything to do with your particular computer.

EDIT:
Overlapped with above post - both typing together I suspect.

Always pop back and let us know the outcome - thanks



#179
December 4, 2012 at 16:58:02
Every time I log in, I see this "remember me?" thing, and it's always checked, but still, my password isn't right, so I have to re-enter it correctly. I don't know how to eliminate this problem and just do it like you. (OTH)

The only thing that happens automatically when I log in is that I can tap a couple of times on the "Name" portion, and a drop-down brings up my nym, to select. But still, the pw is wrong, for some reason. I think I changed it once, recently, since I hadn't been to the site in a while, and forgot the old one.



#180
December 4, 2012 at 16:59:54
If you are using CCleaner, have you excluded cookie clearing from this website?
That might be part of the problem.

Always pop back and let us know the outcome - thanks



#181
December 4, 2012 at 17:03:27
I've not been very "cautious" with CCleaner. I understand so little of what it needs to do, that I've just been giving it the "Full Monty", "Carte Blanche", to "do what it needs to do". I've been more anxious to get rid of infection than to preserve any sort of ID checking.

It's probably because inwardly, I've been leaning toward a full re-install, so I didn't see any need to "preserve" things.

I'm just giving Johnw a chance to prove his mettle,,lol.

(Don't take that wrong, John. I'm not trying to "bust your b***s". I really am interested in the malware cleaning process. I just try to keep "minimal dependency" with anything on the computer, not wishing to become too "attached" to it, fully realizing just how volatile things are in this media. I've been through several full re-installs since 1995, when I was given an Acer. Since that time, we've always built our own, with my older son's help. Actually, it's been pretty darn stable over the years, since giving up W98 for W2K. But since 2K is pretty much obsolete, I was dragged kicking and screaming into an XP partition install, just to keep a foot in the older OS, in case I forgot something.)



#182
December 4, 2012 at 17:03:42
If you use Ccleaner and need help then post back saying so.


#183
December 4, 2012 at 17:13:54
I will,,but then,,this thread,,,when will it ever end,,lol.


#184
December 4, 2012 at 17:26:09
The cookies thing won't take a jiff. Open CCleaner then go to the Tools icon, then the cookies button.

On the left you will see all the cookies in use and on the right those that you have saved (if any). To keep it simple, left click any cookies on the left that contain computing.net then hit the Add button. They will then move to the right and be saved.

Bedtime - CU.

Always pop back and let us know the outcome - thanks



#185
December 4, 2012 at 17:38:57
Derek December 4, 2012 at 17:26:09 Pacific

The cookies thing won't take a jiff. Open CCleaner then go to the Tools icon, then the cookies button.

On the left you will see all the cookies in use and on the right those that you have saved (if any). To keep it simple, left click any cookies on the left that contain computing.net then hit the Add button. They will then move to the right and be saved.

Bedtime - CU.

There's no "cookies" button in "Tools".

http://i.imgur.com/cyZgU.gif

I do see one in "Options", but this site isn't listed. In fact NO sites are listed "on the left". Hmm,,:

http://i.imgur.com/dUD3O.gif



#186
December 4, 2012 at 17:47:57
"You now need to go back to my post #86 Refer xp minidump & xp memory.dmp file & do some reading to work out what to do, otherwise I shall be typing for hours."

So, instead, I'll be "reading for hours",,lol.

It doesn't seem to me that there's much in the way of explanation, when someone has created a dual-boot environment. So far, all they reference is a "standard" installation, where the "C" drive is central to the operation.

So far, I haven't found any coverage for my situation, since you keep stating that I'm not to consider the "C" drive, but rather, the "E" drive, where XP is installed.

(Actually, I'm not so clear that there isn't at least some boot information about XP on the "C" drive. At this point, my understanding is that the boot info is ON the "C" drive, causing it to boot, by choice (the "boot choice" option that comes up during boot), to the "E" drive, if "XP" is chosen. "XP", or "E", is the default choice, if the boot is left to run on its own. But I suspect that information is located on the "C" drive, the original boot drive.)



#187
December 4, 2012 at 17:58:31
Re #185

I shouldn't have had that last look back LOL
My bad - I should have said Options.
Won't try thinking further now, I'm obviously tiring (2am looming).

Nite

Always pop back and let us know the outcome - thanks



#188
December 4, 2012 at 18:36:09
Well,,I'm still reading,,have a good sleep.

I'm leaning more and more towards just a complete abandonment of the past, and radical disembowelment of the complete system, with a simple re-install of XP.

I've always thought partitions were good, giving people more choices, etc,,but now,,

Even if I didn't dual-boot, isn't it a good idea to keep the OS on a separate partition from data? programs?

Puzzlement,,



#189
December 4, 2012 at 18:53:47
Otay. Taking a break.


#190
December 5, 2012 at 04:45:35
Back home again, going to bed soon.

"isn't it a good idea to keep the OS on a separate partition from data? programs?"
I gave that away 10 years ago, once you have problems, it's too hard.

I keep it simple, by not partitioning any drives.

I have 2 HDD's installed. I set W7 in the bios to boot by default.
Disk 1 ( Sata ) has W7.
Disk 0 ( IDE ) has XP & Ubuntu ( using Wubi ) Also all the backups of my important stuff from Disk 1.



#191
December 5, 2012 at 05:17:46
The main reason to partition is to make backing up a faster simpler process.

With the size of current hard drives a full backup of a 1TB drive can take forever and remember, you need to have the space to store that backup.

Your OS is the thing that changes the most. Then your documents folder. Installed programs don't change much, if at all. Once the programs are installed, you may not add anything for a long time. So why back up those items regularly? I recommend multiple partitions.

OS, personal files, programs, possible second OS.

Each of these partitions needs backing up at different intervals. Restoring, should it be necessary, is easier too. Only need to restore the affected partition.

Of course, if one does not back up anything then 1 large partition is fine.

See partitioning strategies in the link below for more on partitioning.

http://radified.com/index2.html



#192
December 5, 2012 at 06:05:57
Just a quickie re CCleaner and cookies.

I suspect the reason no cookies were showing is that the cleaner was run at some time after being online (thereby removing them) but before checking in CCleaner.

Try looking immediately after you close the browser (or just minimize it).

Always pop back and let us know the outcome - thanks



#193
December 5, 2012 at 06:19:26
Shuttle was involved in a class action lawsuit years ago concerning bad capacitors. My son had a shuttle board that died of that cause.

You should probably check the board for bad caps. See the link below so you know what you are looking for.

https://www.google.com/search?q=bad...

IMO, hardware issues should be eliminated before addressing software.



#194
December 5, 2012 at 11:38:32
It's been running all night without freezing. I'm gg to put it through some "stress testing" later on today.

I'll be checking for bad caps also. Upon 1st observation (closely, with a bright light), I don't see any bulging or discoloration. I'll keep that in mind, however, tks.

Interestingly, I find no place in FF for cookies. I seem to remember being able to view all the cookies somewhere, in "Tools" maybe. As I recall, it was on the same page as the one on which you can select your home page. I can't seem to find it now.

Could it be because I have the privacy settings set to "Never Remember History"?



#195
December 5, 2012 at 12:32:56
In Firefox it's:

Tools > Options > Privacy, then set "Use custom settings for history".
You then get several cookie options (including exceptions).

So "Never remember history" is a likely reason that CCleaner is blank on the left. There is something of an overlap with CCleaner in all this, so you might end up setting both to achieve what is necessary - I did.

Always pop back and let us know the outcome - thanks



#196
December 5, 2012 at 13:20:23
Run CCleaner and then come to CN only. Exit FF and run CCleaner again but only analyze. Click on Options at the left. You will see you can include or exclude. That moves the listed cookie to the right or left as the case may be.

Sometimes there is more than one cookie for one operation. For instance Yahoo mail requires more than one cookie to be excluded in order not to remove your password.

Not really difficult once you get the hang of it.



#197

#198
December 5, 2012 at 17:35:55
Still haven't found any "dump files" through Ultrasearch, beyond the ones I posted in a screen shot earlier, in post #150. Haven't located any particular "dump" folder, beyond that one (Minidump) located on the original drive, "C", which is now the only FAT32 drive.

However,, I have got my cookies working again. When I changed the settings in FF from "Never Remember.." to "Custom", I still had "Private Browsing" mode set. Once that got unchecked, I started getting cookies.

Then I went back into CCleaner and moved the two computing.net cookies over to the right, where they're safe. Finally I don't have to log-in every time,, : )

Through it all,,I'm not stalling or freezing, and gradually this seems more stable. (Not saying it's the "cookies" that did it,,lol). Not sure why yet. Could be only temporary.

Time will tell.

Pwr Supply,,hmm,,

I did change that out a while back. We suspected it. It was the original one I built this box with,,only 250 W,,now it's a 400 W Cooler Master. I don't suspect it, but I'll research the info. Tks.



#199
December 5, 2012 at 17:48:11
Can't see anything you've done recently that could help except running CCleaner.
Maybe it is giving you a day off.

Nite

Always pop back and let us know the outcome - thanks



#200
December 5, 2012 at 17:58:29
"Can't see anything you've done recently that could help except running CCleaner.
Maybe it is giving you a day off."

No,,maybe it's giving YOU a "day off",,lol.

Have a good sleep Derek.

OTH,,I have the zipped folder for memtest86+ on the desktop. I'm not sure how to unzip it to the "K" drive (a USB flash drive).

Here's a screen shot of my options in 7-Zip:

http://i.imgur.com/4EhpN.gif

I tried the "extract files" option, but it didn't seem to give me the option to unzip it to the thumb drive. In fact, the drop down menu didn't seem to work, under "where to".


Okay,,I figured it out. There was this symbol to the right of the "extract path" window/drop-down-box, that has three dots (" ... "), which I now realize means "browse for path", I suppose.

So I've downloaded the memtest86+ ISO onto a thumb drive.

I'll run it tonight, after I re-seat things. (As you can see, I'm a bit slow at the actual carrying out of things here, since I get locked into a thought process, with all the input here, and sometimes have several things going on in my brain at once. But I've always been that way,,more absorbed in the process and the theory than the actual doing of it. I'm "cautious", in other words. If I don't fully understand something, I often balk a bit at first, until I get it sorted out in my mind,,the procedure, that is, not the efficacy of the thing.)



#201
December 5, 2012 at 19:23:52
Try this one.

HeavyLoad
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.jam-software.com/heavyload/
Heavyload will try to stress all resources of a PC (like CPU, RAM, harddisk, network, operating system, etc.) in order to test, if it will run reliable under heavy load.



#202
December 5, 2012 at 19:25:58
"Heavyload will try to stress all resources of a PC (like CPU, RAM, harddisk, network, operating system, etc.) in order to test, if it will run reliable under heavy load."

Hmm,,that's handy.



#203
December 5, 2012 at 20:00:12
"Through it all,,I'm not stalling or freezing, and gradually this seems more stable"

Good time to run Combofix & ESET again.



#204
December 5, 2012 at 20:09:30
Another test to do after all the previous ones, I don't think a Chkdsk has been done.

http://best-windows.vlaurie.com/chk...



#205
December 5, 2012 at 22:40:28
As per #200 above. Normally the file would be downloaded elsewhere. I suggest you move the zip file to the desktop and click on it when you have a flash drive inserted in a USB port. The rest of the steps will be evident by the onscreen prompts.


#206
December 6, 2012 at 00:05:56
Okay,,got the flash drive made. But during the dusting I broke one of the blades off the CPU fan. Now it sounds like a Harley,,so I'm gg to have to buy a new one,,haha.

Plus, everything is vibrating.

Better shut down.



#207
December 6, 2012 at 07:31:08
OMG, that's all you needed.

Best not run your computer until that is sorted.

Always pop back and let us know the outcome - thanks



#208
December 6, 2012 at 11:09:42
Just ordered a new fan from Amazon, on "points". Should be here by the "12th".

I'll be spending a limited time here until then. I've got to share the communal com-put-or.

Thanks for your help, everyone.



#209
December 6, 2012 at 13:23:31
How did you manage to break the fan blades? Were you cleaning while under power?

Compressed air works best to clean the innards. Blow out the power supply from both ends too. Much better results over brushes.

Vacuums can and will damage or kill computer hardware.



#210
December 6, 2012 at 17:47:01
"How did you manage to break the fan blades?"

I was,,(in the interest of "blowing out dust whilst in my tiny bedroom", was using the dust brush to loosen while holding the vacuum a few inches away, to suck up the loosened dust, thusly avoiding clouds of dust in the room). Whilst using the brush, trying to get the dust accumulated on the CPU heat sink loose, I forced said brush between the aforementioned blades, and one broke off.

No, it wasn't turned on. At least I know enough not to do such a stupid thing as that. So, I did the next stupidest thing instead,,lol.

I took the whole thing apart, unplugged every cable, unplugged every card, used cans of compressed air to blow out the p.s. (from "both ends"), which blew a cloud of dust into the room (the one time I wasn't quick enough with the vacuum hose). I took the hard drives outside and blew them off (my secondary physical drive really had some serious dust build-up, especially on the circuit side of where the data cable connects).

Anyway,,

I now see the wisdom of not sticking things into the fan housing, but relying strictly on air cans. I just hate watching little dust bunnies flying around my head, and finding places to hide throughout my cluttered room.

The only reason I didn't take it out on the back porch for the whole operation was that it was after dark, and drizzling outside.

Live and learn.

I did reach areas that otherwise would have been neglected, in this dusting. I figure there might even be more dust on the back of the m'board, which is inaccessible unless one removes the board from its mounting stand-offs.



#211
December 6, 2012 at 17:53:27
Also,,I just got off the phone with a friend who's a specialist in electronics, who agreed with your assessment, that it would have been much quicker, and more immediately revealing, if I'd just re-installed the OS, simplifying the problem, since with a fresh install, it would have been apparent that any further problems would have been in hardware.

Still,,I'm kind of interested in the whole disinfection process. But in his opinion, trying to "fix Windows" is very complicated and tedious, and not worth the time involved.

So,,there are differing "schools of thought", for sure.



#212
December 6, 2012 at 18:48:38
"So,,there are differing "schools of thought", for sure"

I use your approach most of the time, it's good for learning.

The comp I will be working on today, has already been to the dealer twice & a new motherboard fitted. The original problems remain.

Eventually, just to get a cleaner install, I will delete ALL the partitions ( DELL ) format to NTFS & reinstall.



#213
December 6, 2012 at 19:22:10
And post #213 is here.


#214
December 7, 2012 at 12:40:05
"differing "schools of thought", for sure"

Especially with intermittent faults such as yours, which kinda have the "could be anything" flavor. Folk tend to first start with what their experience tells them is the most likely place. Reasonable enough, but not everyone's experiences are the same.

My first thoughts were along the lines of hardware and I felt that a few quick checks would be worthwhile before we did much else. As there were some signs of viral activity I could also see sense in getting at least a reasonable degree of satisfaction that this was not the reason.

As for reformat and re-install then yes, if the going started getting rough then that would be a sensible way forward. It wouldn't suit me personally because all my computers are well stitched up to do what I want, not MS. It would take weeks after a complete restore to get the computer back to be anywhere near my liking (from wadges of notes, batch files, utilities, tweaks and so forth).

Once your troubles are sorted, then we might be able to say where we really should have started. What a pity 20-20 hindsight doesn't exist LOL. If it ever becomes available I would sure like to get some.

Always pop back and let us know the outcome - thanks



#215
December 7, 2012 at 14:23:09
Yeah. I'm always thinking,,"I wish I'd have known,,,". In many ways, things might have turned out a lot differently. I figure I could have made "life" a lot more advantageous, if I'd "only have known".

But whatever the case,,I almost enjoy failing anymore, because it's commonly just the entry into a new experience of discovery.

Bob Dylan said "There's no success like failure, and failure's no success at all."

(I had to throw that in there, "child of the sixties" that I am.)

Yes,,we all bring differing experiences to the table. Each experience of failure informs our next episode of success. I'm glad to be influenced by both sides of the equation here.



#216
December 7, 2012 at 14:40:12
Yes, although not "entirely" true there is something in the general idea that experience is what you gain from when you got it wrong (or something similar) at some time in the past. It sticks like glue!

Always pop back and let us know the outcome - thanks



#217
December 12, 2012 at 16:31:36
Okay,,maybe time for a new thread, but tell me what you think:

I've cleaned (physically) the computer, re-seated all the cards (basically just 3 "cards",,the two memory cards and an after-market PCI card to upgrade the USB from 1.0 to 2.0 (which I'm beginning to suspect, for a couple of reasons)). I also unplugged and re-plugged all the power and data cables. I blew out dust from every corner and crevice, and replaced the CPU fan and heat sink, since I broke a blade off of the fan while shoving a paintbrush into it to loosen up the dust on the heat sink. I could have just as easily used the air can, but didn't want to blow too much dust into my bedroom, where I was doing the repairs.

During the process of trying to make a USB boot flash drive with memtest86+ on it (ISO), I had problems, firstly with the flash drive itself, which seemed to freeze the system when I tried accessing it, and then, eventually, I found out that this motherboard/system is just a bit too old (I think) to be able to set the USB thumb drive into the boot sequence. I tried, and all the options I get are for external USB hard drives, zip drives, CD drives, floppy drives,,but nothing specifying a USB flash drive. I read somewhere that computers made before 2001 couldn't do this.

So maybe I need to make a bootable CD, with the ISO on it?

But here's another complication. During the process of trying things, regarding the USB drive, the computer froze a couple of times, and then, when I looked at the USB situation in "device manager", there were a bunch of references there that had a yellow cautionary symbol, so I figured that something was messing up, either with the drive, or with the USB 2.0 PCI card.

At one point, I got a BSOD, stating something about the "pagefile", and it automatically restarted the system, before I had a chance to write down the details, or get a screenshot.

I'm suspecting something amiss here, with the USB stuff.

And to top it off,,today, downstairs, my wife was showing me some youtube video clip that she got to from "Pinterest", showing some Greek news channel, and two or three people throwing water and other things at each other. When she went to restart the video and watch it again, she wanted to fast forward it to near the end, and in dragging the thingy toward the end of the clip, we got a BSOD, same style as mine upstairs, on the downstairs computer. I didn't get a chance to see if it mentioned "pagefile" or not, and told her not to use the computer until I've looked at it. For all I know, we're sharing viruses by sharing thumb drives, or something.

But I really don't know.

Anyway,,her system auto-rebooted, just like mine did last night after the BSOD.



#218
December 12, 2012 at 16:38:49
By the way,,I did a search for "blue screen page file error", and got this site, which suggests some software fixes, using something called "DriverUpdate" (supposedly finds updated drivers for all your devices), and "FixCleaner" (supposedly fixes registry errors), and then some memory issues are addressed.

http://www.windowsanswers.net/artic...

I don't know if that's a trustworthy site. I didn't notice it listed on the sites that were referred to in an earlier post about Combofix help sites. Then, this site wasn't mentioned there, either, so I don't know.



#219
December 12, 2012 at 16:51:15
One more addendum:

When I removed and uninstalled the USB 2.0 card, installing it in the other PCI slot (I have two), the yellow caution icons went away in device manager. During the time it was messing up, I couldn't access the Patriot thumb drive. It wasn't being "seen" by the system. I'm concerned about using that thumb drive now.

Maybe this system's just too doggone old to be very "USB friendly".

I bought the card around a year ago, to try to speed up the USB transfers, and add a few more USB ports, but its performance has been questionable.

It says in the instructions, that if "devices are not being detected" you should try providing additional power through a power connector located on the card close to the internal USB port. I don't see any connectors available on my power supply that would fit that power connector.



#220
December 12, 2012 at 16:55:08
Plus,,generally, since replacing the CPU fan and heat sink, I've been seeing "shakiness" in the text, for instance, on THIS page, more so when I'm typing or rolling the cursor. It's like the text is visibly "shaking", or "flashing" bold, and then back to normal again. Almost imperceptible, but different, at any rate.

To be fair, I started noticing this phenomenon when the CPU fan blade was broken, and was vibrating.



#221
December 12, 2012 at 17:08:49
Some motherboards don't have the feature to boot from flash drives, so yes, you will need to use a CD.

As for the errors in Device Manager, expand out each one that is showing an error until you find the device in question. Right click it and select Uninstall. Do not touch any that are not showing errors. Reboot and when it starts it will show "New Hardware found" and find the software to go with it. See if this helps.

Viruses can jump thumb drives. Of course it is just as possible that one was transferred from the other computer to yours. Not all problems are viruses tho.

Avoid "Driver Updates" from websites and any other magic "Fix Everything" programs. Most are either scams or might make things even worse. Drivers are best obtained from your computer or motherboard manufacturer.

To get the page file message, disable restart after error - like this:
http://pcsupport.about.com/od/tipst...
They sometimes show up in Events too.

Always pop back and let us know the outcome - thanks



#222
December 12, 2012 at 18:06:41
I already did the "uninstall" with the devices that were showing errors, and restarted. The same errors came up, so I removed (physically) the USB adapter card and re-installed it on the 2nd PCI slot, and it came up without errors.

I haven't tried the Patriot thumb drive again yet.



#223
December 12, 2012 at 18:11:29
Looks like you had an IRQ error with those USB's - glad to hear you sorted it.

Always pop back and let us know the outcome - thanks



#224
December 12, 2012 at 18:13:10
I just plugged in the Patriot drive (8Gig, NTFS), and did a full format, to be safe. In properties it says there are still "39.5 MB" used. I hope that's not something malicious.


#225
December 12, 2012 at 18:30:00
"In properties it says there are still "39.5 MB" used"
Try formatting it in Disk Management.
Control Panel > Administrative Tools > Computer Management > Disk Management.

"I hope that's not something malicious"
Right click on the drive & scan with your AV, MBAM & any others you have installed.



#226
December 12, 2012 at 18:43:55
"Try formatting it in Disk Management.
Control Panel > Administrative Tools > Computer Management > Disk Management."

When I do that, it offers me only one option: FAT32. I can't remember how I got this drive to format in NTFS. For that matter, I don't remember WHY I needed to format it in NTFS. I think it had something to do with file size.

Also, when I "right-click on the drive" I don't get the option to scan it, as I usually do when accessing it from My Computer. So I guess I'll scan it from My Computer.

Having done so,,it shows up clean.



#227
December 12, 2012 at 18:59:17
"I think it had something to do with file size"
Correct.

The first format didn't work, so I googled it, here is a tool you may need for the future.

http://angrybyte.com/hardware-failu...



#228
December 12, 2012 at 19:05:36
Also, I just ran the "event viewer" and got the following screenshots:

http://i.imgur.com/b3Vxo.gif

http://i.imgur.com/uYUs4.gif

http://i.imgur.com/4I8Tn.gif



#229
December 12, 2012 at 19:12:14
Johnw: "The first format didn't work, so I googled it, here is a tool..."

How did you ascertain that "the first format didn't work"?

I'm thinking that the "39.5MB" that is still defined as "used", even after a full format, must be some necessary system files?

Plus, there's a way to defeat the default "FAT32" formatting, to enable me to format it in NTFS. I just can't remember how.

Okay, I remember now. It's got something to do with "policies". It's got to do with "write-caching" in NTFS.

But interestingly, when I go to look at the "policies" page, it states that this drive is set up for write-caching, which means that I changed it at one point, to allow for larger files (larger than 4 Gigs, as I recall). Why it won't format in NTFS from disk management in Administrative Tools, I don't know.



#230
December 12, 2012 at 19:23:39
"Also, I just ran the "event viewer" and got the following screenshots"
Uncable ( power & ribbon ) your CdRom1 & see if the errors cease.


#231
December 12, 2012 at 19:30:21
"How did you ascertain that "the first format didn't work"?

I'm thinking that the "39.5MB" that is still defined as "used", even after a full format, must be some necessary system files?"

When I format a thumb drive, nothing is left.



#232
December 12, 2012 at 19:35:05
How do I know which one is "1"? When I go through device mgr, one is listed as "0", and the other is listed as "1". Is "0" 1, or is "1" 1?

What they call "0" is a TDK CD RW drive

What they call "1" is a CD-ROM drive, and at the end of the same cable the TDK is on.



#233
December 12, 2012 at 19:41:19
Johnw: " When I format a thumb drive, nothing is left."

Okay,,I just formatted the USB Patriot drive in FAT32, in Administrative,,

It shows "4KB" as "used" now. A lot less than "39.5MB", but not "zero", or "nothing left".



#234
December 12, 2012 at 19:50:54
"It shows "4KB" as "used" now. A lot less than "39.5MB", but not "zero", or "nothing left""
Perfect. That's virtually nothing.

Try the rom's one at a time.



#235
December 12, 2012 at 23:41:16
"Try the rom's one at a time."

What are "roms"? Read-only memories? I still don't know what that means in this context.



#236
December 13, 2012 at 01:20:01
"What are "roms"? Read-only memories? I still don't know what that means in this context"

http://i.imgur.com/EA91B.gif

cdrom

http://is.gd/mo7tXI



#237
December 14, 2012 at 09:03:08
Ran the ISO boot disc I made with memtest86+ on it.

10 passes and no errors.



#238
December 14, 2012 at 11:21:56
Also,,I found this:

http://i.imgur.com/4H5Ja.gif

(which indicates that after a full format, a USB flash drive formatted in NTFS has set aside 39MB for system usage)



#239
December 14, 2012 at 14:04:05
"Also,,I found this:"
Very good find W2000user. I have never had to format a thumb drive to NTFS.


#240
December 14, 2012 at 14:05:14
W2000user

Let's recap & check the issues as I remember them & see what we have achieved after 200 + posts. We may need to add more.

1: Malware. Still don't know for sure if the comp is clean. Refer post #203

2: Memory/Ram. Now know it is Ok.

3: Stress test of CPU, psu etc. Still don't know if they are Ok. Refer post #201

4: Dump/.dmp file for XP. Still not available, only for W2000. That has to be changed. Googling should find a way. Refer post #174

5: Flash drive sorted out.
http://www.yoingco.com/flash_drive_...

6: Did you resolve the CdRom issue?


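Posts #221 and #240 (item 4) come down to the same XP crash settings: stop the automatic restart so the STOP message stays on screen, and have XP write a dump file. An added example, not part of any poster's reply, as a batch file using the built-in `reg` tool; choosing the small (64 KB) dump type is an assumption about what is wanted here.

```bat
@echo off
rem Added example, not from the thread. Run from an administrator account.
rem Keeps the blue screen on display and makes XP write a small memory dump.
setlocal
set KEY=HKLM\SYSTEM\CurrentControlSet\Control\CrashControl

echo Current crash settings:
reg query "%KEY%"

rem AutoReboot=0 leaves the STOP screen up until the machine is reset by hand.
reg add "%KEY%" /v AutoReboot /t REG_DWORD /d 0 /f
rem CrashDumpEnabled=3 selects "Small memory dump (64 KB)" (assumed choice).
reg add "%KEY%" /v CrashDumpEnabled /t REG_DWORD /d 3 /f
rem LogEvent=1 records the bug check in the System event log as well.
reg add "%KEY%" /v LogEvent /t REG_DWORD /d 1 /f
rem %% escapes the percent sign so the literal %SystemRoot%\Minidump is stored.
reg add "%KEY%" /v MinidumpDir /t REG_EXPAND_SZ /d "%%SystemRoot%%\Minidump" /f

echo.
echo Existing minidumps, newest first:
if exist "%SystemRoot%\Minidump\*.dmp" (
    dir /b /o-d "%SystemRoot%\Minidump\*.dmp"
) else (
    echo   none yet
)
endlocal
```

A small dump needs a paging file of at least 2 MB on the boot volume; reboot once after running the script so the settings are in effect.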

#241
December 14, 2012 at 19:34:02
Johnw: "I have never had to format a thumb drive to NTFS."

It would only become necessary if you were dealing with files over 4 Gigs, normally.

Here's a thread on the subject of formatting a flash drive in FAT32 or NTFS:

http://forums.anandtech.com/archive...



#242
December 14, 2012 at 19:38:27
Johnw:

I'm aware that we're still in the thick of it, though the computer hasn't frozen in a while,,for days. That's different.

Now, the only thing unusual that I'm noticing is that the letters on the screen wiggle when I'm typing. It's like they dim for an instant, and then back. Just while I'm typing, or moving the cursor over the text. I've never seen that before, and it seemed to have started when the CPU fan broke and was vibrating.

So, I'm going to go over the items you listed in your last post, above.



#243
December 14, 2012 at 19:52:54
Okay,,as to running ESET and Combofix again, I didn't want to try running them from the desktop again, and seeing it freeze up before the scan completed. I'm going to make a couple of boot discs for those two programs.

Haven't stress tested yet. I just thought it may be interesting to see if it causes any malfunctions.

Dmp file,,I'll get on that. Still don't know how to find one in XP, in the present setup. I'll check out the link.

Flash drive,,that's the link I sent you, by the way.

As far as the CD-RoM issue, whatever it might have been,,I'm not clear yet, concerning how they are identified. ("0",,"1",,), and whether that identification is consistent with how the system sees them. All I know is that they both (the CD-RoM and the CD-RW) are on the same cable, though one is on the end (master) connector (CD-RoM), and one is on the slave connector (CD-RW) on the same cable. I'm not certain that either of them are faulty, though it seemed to indicate something of that sort in the event viewer.

Time will tell. Right now I'm busy with guests.



#244
December 15, 2012 at 08:50:05
Do you fellows really want to continue this thread? After 243 replies you still haven't resolved all the problems. Don't you think it may be time to re-install?


#245
December 15, 2012 at 10:20:05
If the goal is to finish this thread, we could do that now.

If the goal is to learn, either the thread continues, or,,?

So far, nothing has been firmly established, except for the fact that the original problem of freezing isn't happening anymore.

I'm sure we've fixed some things, if not all.

Re-installing is always on the table. Fixing things is often more fun, unless someone wishes to simply "start fresh". Making old, temperamental things work is challenging, but often rewarding as well. I'm an "old, temperamental thing" myself, lol.

But I'm relatively new here, so I don't know the convention, or what is expected here.

Tell you what,,

Since it is a long thread,,I'll take the initiative to stop it here.

Everybody happy now?

Thanks for your help. It's been fun.

Bye for now.

Robert.



#246
December 16, 2012 at 04:18:21
W2000user

The purpose of all threads here is to attempt to solve a particular problem. The reason all postings are public is so others may also benefit from the thread.

I would venture a guess that NO one will attempt to read this entire thread, so even if the first purpose is satisfied, the second one won't be.

There are other means to communicate with folks you have met here if the intent is to brainstorm. Try PM or better yet, email.



#247
December 20, 2012 at 13:34:25
"I would venture a guess that NO one will attempt to read this entire thread, so even if the first purpose is satisfied, the second one won't be."

Well,,it's your site, not mine, but I wouldn't be making such "guesses", personally, since I, for one, would be one of those reading "the entire thread". To me, it's all good, seeing how others would attack the problem.

I'm a reader, I guess.

Cheers.



#248
December 20, 2012 at 16:55:40
CN is NOT my site. I do have an opinion though.


#249
December 20, 2012 at 17:22:05
Well, I do appreciate your help. I, for one, have learned a lot during the making of this thread, however convoluted things may have become. I do apologize for the length of the thread, however. I just don't see any way around that, considering the circumstances (save to simply use "PM or email", as suggested. This, however, shuts others out of the learning process). To be honest, I doubt whether my focus will change much. I want to learn, and learn it all. "Private lessons" (e.g., "PM's or emails") are fine, if the object is to hoard for oneself. Public, open, visible to all, this thread affords anyone who cares to read it some valuable tools.

Old saying,,"Give a man a fish, and he'll eat for today. Teach a man how to fish, and he'll hijack your threads, steal your website, and take over the internetz." Anon.



#250
December 20, 2012 at 19:21:21
You can learn just as much by trolling the forums here. You will eventually get a feel for what is right.


#251
December 20, 2012 at 20:54:49
"You can learn just as much by trolling the forums here. You will eventually get a feel for what is right. "

True, however, less direct and less "succinct" (if 250 posts is "succinct",,lol).

It just means spending more time here, randomly reading, in order to find, perhaps by fortuitous "accident", what I wish to know.

But I suspect I've "worn out my welcome" with overmuch verbiage. No prob. I'd rather "know" than "guess", but it's okay. Oftentimes it's "internet diplomacy" that keeps people from just giving you "the boot". I understand.



#252
December 21, 2012 at 06:55:44
You have not worn out your welcome here, not as far as I am concerned anyway.

So, the real question, which I hesitate to ask, is this. Did you solve the problem that instigated this thread?



#253
December 21, 2012 at 07:17:07
The answer is,,,I think so, but don't know which of the many scans and re-seatings and dust removals I did actually got us over the hill, er,,,through the tunnel and into the light. (I'm waxing poetic, since I've been up all night, watching ESET do its thing. It's like watching glue dry.)

At any rate, the computer works better, a bit crisper in response, and no freezing. I think it might have been something to do with the PCI card for USB 2.0. It was showing yellow exclamation points in device manager, until I switched it to the other PCI slot, and the yellow went away. Someone was saying that it sounds like an IRQ conflict there.

