Prev: c:\recycler
Next: system restore
From: Daave on 13 Dec 2009 01:23 Comments inline. mm wrote: > As to security, I've done full harddrive scans with > BitDefender with that day's definitions, > SuperAntiSpyware, with that day's definitions > AVG with that day's definitions > and found only cookies and little things which didn't seem important > but nonetheless I deleted everything. I restored from backup one > Eudora mailboxe and index, but it's in a separate datar partition and > also never gets opened. I've been a fan of AVG for a long time -- until recently. I find it very bloated now. I would definitely ditch it for something much lighter on resources -- like Avira AntiVir. Although I snipped what you earlier wrote, you did mention Spybot (presumably Spybot Search & Destroy). Although this was once great to have, it's no longer that effective. I would uninstall it. MalwareBytes' Anti-Malware (MBAM) and SuperAntiSpyware (SAS) are enough, IMO. You had also mentioned ZoneAlarm, which is another waste of resources. I would uninstall it and use the more-than-adequate Windows Firewall. True, it doesn't block outgoing traffic, but the truth is that once malware gets in, it will probably override a firewall's outbound protection anyway. Better to concentrate on incoming traffic. :-) And that means safe hex, too. BTW, did you ever have malware on this machine? If so, there may still be traces. > Is now the right time to do a Repair slipstream install of XP? I'm not sure such a thing exists! You can create a custom-made installation CD, slipstreaming SP3 into it, and *then* boot off this CD to peform a Repair Install. But it is NOT advised! you need to address your immediate issue first, and I see no evidence that a Repair Install is appropriate in this situation. > ***I see that ctfmon.exe is running. I don't remember what that is. > Could that be the problem? Could be. I always disable that obnoxious feature: http://www.pchell.com/support/ctfmon.shtml >> It sounds like your machine is suffering from Windows Bloat. > > Bloat? I don't have many programs installed. 13 (list further > down**) I would say AVG and ZoneAlarm are bloatware. One thing to consider: How much time do you want to spend troubleshooting this issue? You might find that performing a Clean Install with your newly created XP isntallation CD at the SP3 level will yield the largest benefit. However, if you *never* had malware, troubleshooting may not be a bad idea, and this could be a learning experience. But you should think about how much time you want to devote to this endeavor.
From: Daave on 13 Dec 2009 01:31 Daave wrote: > Comments inline. > > mm wrote: > >> As to security, I've done full harddrive scans with >> BitDefender with that day's definitions, >> SuperAntiSpyware, with that day's definitions >> AVG with that day's definitions >> and found only cookies and little things which didn't seem important >> but nonetheless I deleted everything. I restored from backup one >> Eudora mailboxe and index, but it's in a separate datar partition and >> also never gets opened. > > I've been a fan of AVG for a long time -- until recently. I find it > very bloated now. I would definitely ditch it for something much > lighter on resources -- like Avira AntiVir. > > Although I snipped what you earlier wrote, you did mention Spybot > (presumably Spybot Search & Destroy). Although this was once great to > have, it's no longer that effective. I would uninstall it. > MalwareBytes' Anti-Malware (MBAM) and SuperAntiSpyware (SAS) are > enough, IMO. > You had also mentioned ZoneAlarm, which is another waste of > resources. I would uninstall it and use the more-than-adequate > Windows Firewall. True, it doesn't block outgoing traffic, but the > truth is that once malware gets in, it will probably override a > firewall's outbound protection anyway. Better to concentrate on > incoming traffic. :-) And that means safe hex, too. > > BTW, did you ever have malware on this machine? If so, there may still > be traces. > >> Is now the right time to do a Repair slipstream install of XP? > > I'm not sure such a thing exists! You can create a custom-made > installation CD, slipstreaming SP3 into it, and *then* boot off this > CD to peform a Repair Install. But it is NOT advised! you need to > address your immediate issue first, and I see no evidence that a > Repair Install is appropriate in this situation. > >> ***I see that ctfmon.exe is running. I don't remember what that is. >> Could that be the problem? > > Could be. I always disable that obnoxious feature: > > http://www.pchell.com/support/ctfmon.shtml > >>> It sounds like your machine is suffering from Windows Bloat. >> >> Bloat? I don't have many programs installed. 13 (list further >> down**) > > I would say AVG and ZoneAlarm are bloatware. > > One thing to consider: How much time do you want to spend > troubleshooting this issue? You might find that performing a Clean > Install with your newly created XP isntallation CD at the SP3 level > will yield the largest benefit. However, if you *never* had malware, > troubleshooting may not be a bad idea, and this could be a learning > experience. But you should think about how much time you want to > devote to this endeavor. I just re-read your earlier thread "XP Started Slow" and I'll bet you still have malware left. Although you could run HijackThis scans and have experts analyze your logs and assist you, I still think a Clean Install makes the most amount of sense. It wouldn't hurt to try a Repair Install first (as a learning exercise), but a Repair Install won't be able to remove the deeply hidden malware you most surely still have. If this were a test machine *and* you had lots of time, detective work (assuming you have lots of patience!) would make sense. But I really think it's time to cut your losses and wipe the slate clean! Make sure all your data is safely backed up!!!
From: mm on 13 Dec 2009 01:42 On Sun, 13 Dec 2009 01:23:08 -0500, "Daave" <daave(a)example.com> wrote: >Comments inline. > >mm wrote: > >> As to security, I've done full harddrive scans with >> BitDefender with that day's definitions, >> SuperAntiSpyware, with that day's definitions >> AVG with that day's definitions >> and found only cookies and little things which didn't seem important >> but nonetheless I deleted everything. I restored from backup one >> Eudora mailboxe and index, but it's in a separate datar partition and >> also never gets opened. > >I've been a fan of AVG for a long time -- until recently. I find it very >bloated now. I would definitely ditch it for something much lighter on >resources -- like Avira AntiVir. > >Although I snipped what you earlier wrote, you did mention Spybot >(presumably Spybot Search & Destroy). Although this was once great to Yes. >have, it's no longer that effective. I would uninstall it. MalwareBytes' >Anti-Malware (MBAM) and SuperAntiSpyware (SAS) are enough, IMO. I think I should wait until I have the big problem fixed before I start changing things, right? Only AVG is running now. The others were one-time scans, just in case there was a virus. >You had also mentioned ZoneAlarm, which is another waste of resources. I >would uninstall it and use the more-than-adequate Windows Firewall. >True, it doesn't block outgoing traffic, but the truth is that once >malware gets in, it will probably override a firewall's outbound >protection anyway. Better to concentrate on incoming traffic. :-) And >that means safe hex, too. > >BTW, did you ever have malware on this machine? If so, there may still >be traces. I don't think I ever did. XP only ran for two months or so, and I started with sp3 and allowed all the windows updates. I ran AVG, bloated or not, from the first day. I had one possible incident in Win98 on the same harddrive, but that was before I installed XP in another partition. >> Is now the right time to do a Repair slipstream install of XP? > >I'm not sure such a thing exists! You can create a custom-made >installation CD, slipstreaming SP3 into it, and *then* boot off this CD >to peform a Repair Install. Yes, that's what I meant. > But it is NOT advised! you need to address >your immediate issue first, and I see no evidence that a Repair Install >is appropriate in this situation. Okay. >> ***I see that ctfmon.exe is running. I don't remember what that is. >> Could that be the problem? > >Could be. I always disable that obnoxious feature: > >http://www.pchell.com/support/ctfmon.shtml Okay. >>> It sounds like your machine is suffering from Windows Bloat. >> >> Bloat? I don't have many programs installed. 13 (list further >> down**) > >I would say AVG and ZoneAlarm are bloatware. > >One thing to consider: How much time do you want to spend >troubleshooting this issue? You might find that performing a Clean >Install with your newly created XP isntallation CD at the SP3 level will >yield the largest benefit. However, if you *never* had malware, >troubleshooting may not be a bad idea, and this could be a learning >experience. I do like learning experiences, so I'm ready to spend more time than someone else would on this. Especially with computers, I've learned a lot already and I find it very interesting. I figured this "running on the web for 15 minutes" might be a well known symptom of a known problem. Everything pretty much works. If I could lengthen 15 minutes to 16 hours > But you should think about how much time you want to devote >to this endeavor. FWIW, I usually do this when I'm watching tv. If the troubleshooting gets really interesting, I lose track of the tv show, but hey, that's life.
From: rob^_^ on 13 Dec 2009 01:52 Hi mm, Thanks for the excellent detail! It doesn't make diagnosis any easier though. I thought it may be a startup service that is trying to call home to look for updates because your connection is dropping out after a certain period on the web. Typically the check for updates services of some addons occur while IE has an active connection which can conflict with the security zone of the currently viewed page. In Vista this causes a DEP (Data execution prevention). Slow startup's though are a sure sign of an Addon causing problems. Although FX should be unaffected. Oh, You have Spybot installed? Check that you have not disabled any Browser Helpers... use the IE Addons Manager only to manage Addons so that Toolbars and Browser Helpers are enabled/disabled together. With Spybot in control of BHO's you can end up with some Addons only partly enabled. To disable BHO's and Toolbars use the "Enable third-party browser extensions" on the Advanced tab of Internet Options. If after all that you still have no joy, and before you try a reformat, you may like to try a RIES (Reset IE Settings - Reset button on the Advanced tab of Internet Options). This will disable ALL of your IE Addons and reset ALL IE settings to their factory/recommended defaults. Regards. "mm" <NOPSAMmm2005(a)bigfoot.com> wrote in message news:vgn8i5tdqdfd2ofrb1arcjvvlpdbdgvtq5(a)4ax.com... > On Sun, 13 Dec 2009 06:12:06 +1100, "rob^_^" > <iecustomizer(a)hotmail.com> wrote: > > Thanks for your detailed answer. > >>Error Messages? > > None. > > After the first 10 minutes or so when it stops working, I get the > standard page from IE, "The page cannot be displayed The page you are > looking for is currently unavailable. The Web site might be > experiencing technical difficulties, or you may need to adjust your > browser settings...." > > Or the video just stops playing, the time elapsed doesn't change > anymore; > > Or in FF#, it just shows "Done" in the bottom line. > > AVG and Spybot return their own messages that the update failed to > complete. > > Eudora will dl mail, but if an email has embedded files with a url > that are supposed to dl separately, no error message. They just stay > as blue boxes. > >>Check your Internet Options - General tab, Temporary Internet Files, >>Settings button. Have you set the storage to 50Mb or greater (see >>recommendations)? > > 63 megs. (I don't know how it ended up there, but that's what it is. > :) ) > >>When was the last time you had a Adobe or Shockwave Flash update? >>(important >>security updates went out last month). > > Not sure. Haven't used Adobe or Shockwave since July. Would it still > update? Fop Adobe Flash I have ver 10.0.22.87 > > You probably don't mean the reader, do you? (I originally dl'd and > installed Adobe Reader 9 May 22 of this year. It appears to have been > based only on the install file name version 9.1.0. Now I have version > 9.1.2. I can update Adobe reader manually, but it has to be the first > thing I do when I start XP. ) > > As to security, I've done full harddrive scans with > BitDefender with that day's definitions, > SuperAntiSpyware, with that day's definitions > AVG with that day's definitions > and found only cookies and little things which didn't seem important > but nonetheless I deleted everything. I restored from backup one > Eudora mailboxe and index, but it's in a separate datar partition and > also never gets opened. > > Is now the right time to do a Repair slipstream install of XP? > >>Do you have the GoogleToolbarUpdater.exe in your Windows startup list... >>Known issue. Uninstall the old version of the Google toolbar and reboot. >>Then go to toolbar.google.com for the IE8 compatible version. > > No special tool bars, just the ones that came with IE6: status bar, > standard buttons, address bar, and links. (No added bars in FF3 > either.) > >>AOL software updates and Quicktime - known to cause problems with IE8 and >>the Win Startup list. > > XP came with IE6, and after I installed IE7, I had major problems, so > uninstalled it. Everything worked then, and XP worked great for more > than a month after that until I had the current problem. I was > afraid to install IE8. > > In both win98SE and XP, Quicktime was not in my startup, but it > suddenly appreared in both -- I don't know when. In XP it's been > unchecked in Startup in the SCUtility for two weeks now. > > I never had any AOL programs or software updates in the Startup list > or anywhere. > > ***I see that ctfmon.exe is running. I don't remember what that is. > Could that be the problem? > >> You can disable these two services by adjusting their >>settings (see their control panels to switch off automatic updates). > > OK, I switched off Quicktime updates. > >>Most IE8/Win startup problems are caused by 'Updater' services trying to >>call home when IE is in a different security context. > > Is this really a start-up problem? All the web programs work for 10 > or 15 minutes, and then they stop. > > I used to have trouble starting but now that I've unchecked, disabled > those two Service, Shell Hardware Detection and Uninterruptible Power > Supply, it starts as quickly as ever. > >>It sounds like your machine is suffering from Windows Bloat. > > Bloat? I don't have many programs installed. 13 (list further > down**) > > And the HD partition has 10 empty gigabytes. > > There are only two errors in the event viewer per session, both under > System, both to do with Zone Alarm, both under S > > > Doesn't it seem strange that the web will work for a while and then > stop? > > >>I would be considering a hardware and software upgrade to Win7. I imagine >>this would take less of your time than trying to turn Mutton to Lamb. > > No job right now. Plenty of time but not much money. > >>Regards. > > Adobe Reader 9 > AVG > Firefox3 > PowerDesk6 (a windows explorer substitute) > Real Player > Support Tools > Zone Alarm > TCC by 4DOS, a DOS emulator with enhanced dos commands > Spybot S&D > OverDriveMediaConsole (that was supposed to let me read online books > from the public library.) > QuickTime. > > And since these problems started, I've installed > Malwarebytes AntiMalware > SuperAntiSpyware > > Thanks again. > > Mike > >>"mm" <NOPSAMmm2005(a)bigfoot.com> wrote in message >>news:l3m7i55phtq02gs1emhmgdjn4okcspfcad(a)4ax.com... >>> Windows XP-SP3; Web access is only the first 10 or 15 minutes of each >>> session. >>> >>> >>> Besides planning to do a repair install on windows XP SP3, I'm also >>> trying to solve my XP problem one symptom at a time. >>> >>> (When my problem first started, it took 15 minutes to start windows, >>> and when Windows started, it ran 10 times as slow as normal, and it >>> would not access the web or the rest of the internet. In order to get >>> this far, I used msconfig.exe and unchecked every Service and every >>> start-up program. I have rechecked every service except Shell >>> Hardware Detection and Uninterruptable Power Supply. >>> In Firefox, I disable every add-on.) >>> >>> I have Verizon DSL (which gives me no problem 99.99% of the time when >>> using win98SE on the same box). >>> >>> RIGHT NOW, most of XP works all the time, and at normal speed, and all >>> or almost all of the rest works some of the time (and at normal >>> speed). >>> >>> SPECIFICALLY, web access works only for the first 10 or 15 minutes >>> after Windows XP-SP3 has started. This includes IE6 and FF3. The >>> messages are something like Server not Found, or a blank screen with >>> the word "done" on the line at the bottom. This includes efforts to >>> fetch the same url l that I got successfully just a couple minutes >>> ago. Watching a video on Utube worked, once for 8 minutes, and >>> another time, when I had done something else first, it only rant for 2 >>> minutes. Then it just stopped. I could still move the cursor and >>> click on things which would take me to a blank screen with a new url >>> in the location box at the top, but nothing will load. >>> >>> OTOH, POP email and Usenet work all the time. >>> >>> The rest is more examples of programs that do the same sort of thing. >>> >>> >>> Eudora email works all the time, but emails in html which include >>> graphics that have urls won't download except during those first 10 or >>> 15 minutes. Emails I look at after that just sit there with blue space >>> where the graphic is supposed to be. >>> >>> Windows updates seem to download, but if it's possible to do so in >>> multiple windows sessions, that's what's happening. It may be doing >>> part of the DL in the first 10 minutes of each session. When it >>> completes the dl, it correctly installs the updates when I exit >>> Windows. 3 of them last night, several others 4 or 5 days ago. >>> >>> From win98, I dl'd a newer release of AVG, but installed it in XP. >>> It's been able to update its own virus definitions, automatically >>> yesterday, but when I tried late last night, the dl failed in the >>> middle. Come to think of it, that had happened several times before, >>> and I guess it happens when the 10 or 15 minute time limit is passed. >>> >>> Agent will download from Usenet all the time. >>> >>> Spybot S&D won't dl new definitions, but it's a low-priority program >>> and I've probably never tried during the first 15 minutes. >>> >>> >>> Thanks a lot for any help you can give. >>> >
From: Daave on 13 Dec 2009 10:00
Daave wrote: > Daave wrote: >> Comments inline. >> >> mm wrote: >> >>> As to security, I've done full harddrive scans with >>> BitDefender with that day's definitions, >>> SuperAntiSpyware, with that day's definitions >>> AVG with that day's definitions >>> and found only cookies and little things which didn't seem >>> important but nonetheless I deleted everything. I restored from >>> backup one Eudora mailboxe and index, but it's in a separate datar >>> partition and also never gets opened. >> >> I've been a fan of AVG for a long time -- until recently. I find it >> very bloated now. I would definitely ditch it for something much >> lighter on resources -- like Avira AntiVir. >> >> Although I snipped what you earlier wrote, you did mention Spybot >> (presumably Spybot Search & Destroy). Although this was once great to >> have, it's no longer that effective. I would uninstall it. >> MalwareBytes' Anti-Malware (MBAM) and SuperAntiSpyware (SAS) are >> enough, IMO. >> You had also mentioned ZoneAlarm, which is another waste of >> resources. I would uninstall it and use the more-than-adequate >> Windows Firewall. True, it doesn't block outgoing traffic, but the >> truth is that once malware gets in, it will probably override a >> firewall's outbound protection anyway. Better to concentrate on >> incoming traffic. :-) And that means safe hex, too. >> >> BTW, did you ever have malware on this machine? If so, there may >> still be traces. >> >>> Is now the right time to do a Repair slipstream install of XP? >> >> I'm not sure such a thing exists! You can create a custom-made >> installation CD, slipstreaming SP3 into it, and *then* boot off this >> CD to peform a Repair Install. But it is NOT advised! you need to >> address your immediate issue first, and I see no evidence that a >> Repair Install is appropriate in this situation. >> >>> ***I see that ctfmon.exe is running. I don't remember what that is. >>> Could that be the problem? >> >> Could be. I always disable that obnoxious feature: >> >> http://www.pchell.com/support/ctfmon.shtml >> >>>> It sounds like your machine is suffering from Windows Bloat. >>> >>> Bloat? I don't have many programs installed. 13 (list further >>> down**) >> >> I would say AVG and ZoneAlarm are bloatware. >> >> One thing to consider: How much time do you want to spend >> troubleshooting this issue? You might find that performing a Clean >> Install with your newly created XP isntallation CD at the SP3 level >> will yield the largest benefit. However, if you *never* had malware, >> troubleshooting may not be a bad idea, and this could be a learning >> experience. But you should think about how much time you want to >> devote to this endeavor. > > I just re-read your earlier thread "XP Started Slow" and I'll bet you > still have malware left. Although you could run HijackThis scans and > have experts analyze your logs and assist you, I still think a Clean > Install makes the most amount of sense. It wouldn't hurt to try a > Repair Install first (as a learning exercise), but a Repair Install > won't be able to remove the deeply hidden malware you most surely > still have. > If this were a test machine *and* you had lots of time, detective work > (assuming you have lots of patience!) would make sense. But I really > think it's time to cut your losses and wipe the slate clean! > > Make sure all your data is safely backed up!!! One final thought: I still think your problem is likely from ZoneAlarm or Spybot S&D. Once these are uninstalled, I would be curious to see the effect. In the meantime, you can run XP in Safe Mode with Networking to see if you lose Web connectivity. When uninstalling AVG (also recommended) and ZoneAlarm, both of these companies have removers that should also be run since the uninstallers aren't complete! They can be found at the respetive Web sites. If you had IE7, I would recommend running it in the No Add-ons Mode, but I'm not sure how this is done with IE6; I think you need to manually disable the BHOs. Then again, you said Firefox yields the same result, so this is why I think something else is interfering. And since your other thread contained information that your security programs were prevented from running, I thought and still think that malware slipped in at some time. If that is what happened, sometimes the best solution *is* a Clean Install. Then again, you stated elsewhere you have the time and energy to get to the bottom of your problem, so maybe you're still not ready for this! So once more, if you decide to continue your troubleshooting (or perform the Clean Install, for that matter), I can't stress the importance of making sure everything is backed up! And this site is a great resource: http://www.elephantboycomputers.com/page2.html#Removing_Malware |