Jump to content

Andy Spragg

Honorary Members
  • Posts

    166
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi Ron, Wow, that should keep me entertained for a while! Thank you for such a comprehensive list of resources - there is plenty of stuff out there about robocopy, but it's the usual problem of knowing what's wheat and what's chaff. I agree, robocopy being part of the OS was a huge attraction for me. What kicked this all off was Windows 7 being helpful and reminding me that I hadn't set up backup on my machine - but when I tried (and still when I try now), to get backup going, on the same network drive this post relates to, it tells me "the specified location cannot be used" with either "Access denied" (0x80070005) or "The parameter is incorrect" (0x80070057) or "The network drive cannot be found" (0x80070043) as a more detailed explanation. And there is lots of stuff out there about that, let me tell you! (and none of it helped me. Most of it is to do with backups failing partway through, and that is not my situation. I wasn't going to bore you with details, but I can't resist mentioning that one of the official suggested fixes, for folks that use , rather than . as a decimal separator, is to change to using . instead! Read something like that and you have to conclude Windows backup is at best flakey, and flakey software is never desirable but particularly when it is backup software). Anyway, I came to the conclusion, not for the first time in my life, that most users don't backup because something that should a) be very simple and b) just work, isn't and doesn't. So I figured robocopy would be a near-ideal workaround. Little did I know ... As a postscript, with my new knowledge, I went back to robocopy yesterday and discovered the /sl option which I figured added to my option list (consisting originally only of /mir) would enable it to do the same as FreeFileSync. But it didn't - for some reason it made no difference - and the reason it made no difference is that it was ignored (i.e. I specified it as an option in my batch file, but the log file showed the options that were actually used and /sl wasn't one of them). As a second postscript, after more messing around with /mir, /sl and /xj singly and in combination, I have finally managed to get robocopy to produce output that matches that of FreeFileSync - but definitely by luck and not judgement. The relationship between the options I specify and the ones actually used is not at all clear to me, and in particular I have never yet managed to get /sl listed in the log file. So my best guess is that some of these options are either mutually incompatible or equivalent in combination, but nothing in the documentation indicates that. Maybe I will find the reason somewhere in your list of homework Andy
  2. Stop press - I figured it out (with the help of more reading around the subject)! And it is to do with "symbolic links". I don't understand it completely, but well enough to be happy. So in the hope that it will save others from wasting investing as much time as I have, here is my explanation. I said in the previous post that I had been set up with FreeFileSync and it didn't have the same problem. Well, I dug around in FreeFileSync, and came across an option for how to handle symbolic links: Exclude, Direct, or Follow (default is Exclude). Basically, a symbolic link is a special type of file, which is a pointer to an actual file or folder. Something like a shortcut except it isn't visible in Windows Explorer. "My Documents" contains three of them: to "My Music", "My Videos" and "My Pictures". Under the hood, "My Documents" is a folder \Documents, and it includes subfolders \Music, \Pictures and \Videos. The symbolic links make it appear to the user as though they are folders on the same level as "My Documents". So: With the Exclude option, these three symbolic links are ignored With the Direct option, they are treated as files, so relative to the Exclude option, the backup contains three more files With the Follow option, they are treated as their targets, so again relative to the Exclude option, the backup contains three more folders, and 57 more files and 0.2 more GB (the contents of those folders). Because I was treating My Pictures as a separate folder, this option gives two copies of the contents of "My Pictures": one as a subfolder of "My Documents", and the other as a separate folder. So something like the Follow option is what robocopy is doing. It is resolving symbolic links, with one critical difference: the resolved links are not visible in Windows Explorer! I know this because I tried using FreeFileSync with the Follow option, and the folder, file and byte count for My Documents came out the same as the robocopy result, but the FreeFileSync version of My Documents contained visible copies of the three symbolically linked folders. I can now sleep again :-) Andy
  3. Hi Ron, I don't have the competence to access both resources from another remote system, or to robocopy to another Windows computer :-) I am only a user in this context. I have attached twelve screenshots, to validate my experience. (Edit: just now, I forgot the first time ). Two of reported properties for the parent folder on C and on the network drive (showing biig discrepancies), and five lots of two of reported properties for each of the five child folders on C and on the network drive (showing exact correspondence). It's academic now, though, because I have now been set up with FreeFileSync and I don't see the same issue with the backup it creates. I would like to understand this though! I was reading about "symbolic links" and "junction points" yesterday when I was looking through discussion prompted by others who have reported similar experiences. Both seem to be features of modern Windows file handling that might account for apparently anomalous file copying results (and get in the way of a user who knows enough to be dangerous and just wants to backup a load of files and verify it has been done correctly). Thanks as ever for your assistance, Ron. Andy
  4. Hi Ron, Many thanks for a prompt reply. The network resource is a Novell drive, using NcFsd file system; more than that I don't know. The issue does not seem to be one of files failing to transfer. Maybe I am not describing the issue clearly enough. Let me try again. I have a parent folder on my C drive, containing five child folders. I (robo)copy that parent folder to the network drive. The reported properties of each copied child folder precisely match those of the original child folders. But the reported properties of the two parent folders are very different. Sounds bonkers, doesn't it? Andy
  5. Hi folks, Briefly, I have searched the Net for symptoms like this, and found other people asking similar questions, but without getting any good answers ... The machine in question is a workplace Windows 7 Pro SP1 Dell laptop, running ESET Smart Security. Yesterday I set up a little robocopy script to mirror specific folders (Desktop, Favourites, My Documents and My Pictures) from my C drive to a network drive. Once I got a version that worked and did what it was supposed to, and made sure that the contents of both locations were the same (by e.g. deleting any hidden content from previous versions that did not work), I checked the aggregate properties of those four folders in each location. The total file, folder and byte counts were all different between locations. I have several times deleted everything, including hidden files, and started over. The properties on C are always the same (provided I haven't changed any files in the meantime, obviously), but the properties on the network drive are never the same twice. Even though Robocopy always reports 100% success. Here's the killer. I have looked more closely where the supposed discrepancies are occurring. The main culprit is My Documents, which contains precisely five folders and no files. If I examine the properties of each of those five folders, all five match exactly between locations in terms of file, folder and byte count. If however, I examine the properties of the My Documents folder (which is just a folder that contains those five folders), there are discrepancies of 57 files, 3 folders, and roughly 200 MB. Every time I delete the mirror and try again I get different discrepancies, but always all three are non-zero. Has anyone ever encountered anything like this? How can Windows count the contents of five folders correctly and yet get the result completely wrong for the folder that contains them (and nothing else)? Hoping as always for enlightenment, Andy
  6. Hi noknojon, Thank you for replying. I should have been less lazy and included details about what I meant by "misbehaving badly". I read the content of your step 1 and thought OMG. Then I read up about KB268509 (thanks for that heads-up). However, the symptoms that are being reported are not mine. I get NO error messages and NO endless failure-to-install loops. As far as I can tell, all the updates installed "successfully". What happened halfway through installing the upgrades (and happens again very quickly if I reinstall my wireless keyboard and mouse) is the following. The Start menu begins to flash on and off, roughly once or twice a second, just as if the Start button were being pressed and released by the mouse cursor. That makes it quite hard to give focus to anything else, but if I do manage to do that, and open (say) Notepad for demo purposes, some character keys on the keyboard produce the correct character, while others produce actions e.g. minimize the Notepad window. Other keys, notably Ctrl, do not function at all. Note this only happens with wireless keyboard and mouse. The wired keyboard and mouse work just fine - fortunately, or I'd be completely shafted. So I am loath to embark on the major program of step one when the symptoms I am reading about do not correspond with mine - although I agree the timing and keyboard related nature of the problems others are having are very suggestive of a link to my problem. Andy
  7. Hi folks, It's been a while since I posted (long story). I'm posting now so that the information is findable by others - it's better than joining loads of new forums I'll never use again just to answer individual questions. So, short version (I composed this for www.justanswers.com then found it was going to cost me $43 for the privilege of an answer): I installed the last 10 Windows (XP Home SP3) updates yesterday (been away for three weeks) and my Microsoft wireless desktop started badly misbehaving halfway through the process. To cut a long story short, after a lot of uninstalling and cleaning up and reinstalling good old wired devices, I was able to use the computer again. Today I downloaded the latest drivers (v8.2, I had only been on v7) and reinstalled and got the same symptoms. So I am back to wired again. It would take a long time to describe the presenting symptoms in writing, and I'm not going to do that, but I'm happy to relate my experience to you over the phone if you want. I think Microsoft messed up badly here and the only reason there is not a lot more outcry so far is because it's hard to write an angry email when the keyboard isn't working, and lots of folks don't have a wired keyboard any more. What would lengthen the post considerably is a description of what I mean by "badly misbehaving", and at the moment all I want to do is alert savvy folks to the issue. But I'm happy to expand if interest warrants. There are other folks out there with the same problem - I have established that - the difficulty is finding the right set of words to feed into Google to narrow tens of millions of hits down to a manageable number ... Andy
  8. Hi Chris, Well, I didn't want to mention it too soon, because it looked like things were all sorted after I got the Internet connection working again, and that only lasted a couple of days, so after I did the registry surgery and it looked like I had fixed things, I thought I'd better give it two or three times as long as that before deciding that I had finally got things sorted. Like I said, thanks for sticking with me. You are a gentleman, and Malwarebytes rocks. Andy
  9. Hi Chris, OK, first things first. I uninstalled the network adapter, which took care of the non-hidden entry and one of the hidden ones. The other hidden one, Windows said it couldn't uninstall it, and that it might be needed to boot the computer. Ha, I think not. So I searched the registry for all instances of "Belkin Wireless G USB Network Adapter #2 - Packet Scheduler Miniport" - there were three - and to my surprise successfully deleted the associated registry content (I thought I might have been told "Access denied"). But I now think that was a red herring. Here's some more information that I didn't tell you at the time. When I was trying to get the router working, before I realised that I needed some ISP account information, in desperation I tried using the Internet Connection wizard. After a couple of preliminary steps it created a Shared Internet Connection, complete with icon, which I knew was not what I wanted, and I figured when I cancelled it would go away again - but it didn't. And straight away it started to register a lot of traffic apparently between my computer and the internet, but I still wasn't able to browse or connect to my email server. So I got a bit freaked at this point, and tried to delete it, but delete was not an option anywhere that I could see, so I just disabled it. I did change its name to something to indicate it was bogus but that was all I could do. When I got the Internet working again, that shared Internet connection changed its name and device name to values associated with the ISP, and since I was able to connect normally again at that point I figured it was now necessary, and stopped fretting about it. But within a day I had the same connection problems as before. At this point I decided to see if I could find this Shared Internet Connection in the registry and get rid of it - which turned out to be very easy. A couple of "folders" called "Shared Internet Connection" with a small amount of data and no "subfolders", and I was able to delete them no problem. Since then (about five days ago), my connection has been fine. So currently I believe I'm sorted. However, I am left wondering what this weird Shared Internet Connection was that I managed to create, and amend when I got the router working again, that seemed to come and go at random, and which indicated massive amounts of traffic to and from the router. Maybe you can shed some light on that? Thank you very much for sticking with me in a topic that is almost certainly in the wrong forum. Andy
  10. Hi, I don't have Network Devices, I have Network Adapters, under which is just one entry: Belkin Wireless G USB Network Adapter. If I Show Hidden Devices, a little more interesting. I have as well: - Belkin Wireless G USB Network Adapter - Packet Scheduler Miniport - Belkin Wireless G USB Network Adapter #2 - Packet Scheduler Miniport - Direct Parallel - Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport - WAN Miniport (IP) - WAN Miniport (IP) - Packet Scheduler Miniport - WAN Miniport (L2TP) - WAN Miniport (PPPOE) - WAN Miniport (PPTP) No yellow exclamation marks, but I know enough to know that the first two hidden devices jointly indicate something not right. Should I uninstall the second one? Andy
  11. Hi Chris, I haven't replied sooner because until landlady re-appeared there was nothing more I could do. As I suspected, the router was missing ISP account details after I reset it. Once I established that information and restored it, I was able to connect to the Internet just fine again. It only lasted for about a day, though, then I started to have the same problems as before. Currently it's fine, yesterday it wasn't. The only new information I have to offer, and I don't know what to make of it, is this. Before the problems started, I only had a single network connection icon in Control Panel, Network Connections - for the wireless network. Once I got Internet connectivity again, I acquired a second one, for an Internet gateway connection, which also appeared in the system tray. At first it seemed as though I could only get a good connection while this second connection was visible in the system tray, but currently I can't see it and I'm connected just fine. It seems to come and go at random. One thing that does worry me is that when it's there, it often indicates a colossal amount of traffic between the Internet and the router. Still don't know whether to suspect something malevolent or not. Hope you can advise. Andy
  12. Hi Chris, I am posting this from work because I am now not able to get online on my machine at home at all - please read on I did as directed: - disabled the wireless connection and physically disconnected the wireless adapter - reset the router - checked TCP/IP settings (no changes needed) - flushed the DNS cache - re-connected the wireless adapter and re-enabled the wireless connection The automatic wireless network connection did not remake itself. I viewed the available wireless networks and the network I have been using was not there (although there were several listed so the adapter is working OK). One of the networks was called NETGEAR, which is the make of the house router, and the start of the name of the missing wireless network. By switching the router off and on again, and observing that the NETGEAR network disappeared and reappeared again, I demonstrated that the NETGEAR network corresponded to the router. So resetting the router reset its name and removed its security key. I could connect to the newly-unsecured network but I could not load any web pages, or connect to my mail server, or log on to Skype. There were two other unsecured wireless networks visible but I could not connect to either of them - Windows never returned from acquiring a network address. I know the name and security key and login details that the router was using, and I guessed (correctly) that the factor preset login password was "password", so I was able to log in to the router and set all that stuff back how it was. And I can now connect to the wireless network automatically like before, but I still don't have an internet connection. What I have tried since is two things: - I noticed in the router config that the firewall was set up with two default rules: "Let everything out" and "let nothing in" (I paraphrase). I figured this was the problem, and to test that, I set up a new rule "let everything in" and put it above the default rule, but it didn't help. So that isn't the problem (though I guess there is still some fine-tuning to do there once the real problem is fixed). - This morning I tried a couple of TCP/IP repair utilities, without success. My landlady is the only other person who uses this router, and she is away for a week, so I can't tell if the problem is with the router or my computer (though I do know that she has not been having problems while I have been). So I believe the problem is still confined to my computer. What I know is that if she comes back to a router that is not working, she is not going to be happy, and the best way for me to know that the router is working is for me to be able to use it successfully again. And I have just over a week to make it so. Please help!
  13. Hi Chris, Many thanks for getting back to me. First suggestion is not an option ... I'm using the house router and it's a long way away on a different floor. The only other computer that uses this router did not have the same issue last time I checked (owner has been away for a few days at the moment). The only new pieces of information I have since I first posted are: i) that since I uninstalled Avast and changed to Avira, I can not now send emails from my client Thunderbird. I get the warning/error attached as a screenshot, which I never saw before. I thought it might be Avira getting tangled up with Thunderbird, but I checked and Avira doesn't scan outgoing emails. If I click on Get Certificate, nothing happens. I don't know the first thing about certificates and how they work but I don't like the look of this. ii) I noticed that the wireless connection is being reported at various speeds below 54 Mbps (eg 24 Mbps, 36 Mbps) whereas it has always been 54 Mbps since I moved here four months ago. Andy
  14. Hi folks, This has been going on for around three weeks now. Basically, my ability to connect to webpages and my email server has suddenly become very unpredictable. The PC says I have a good wireless connection but a lot of the time, lots of web pages won't load (usually saying the site couldn't be found). The ones that don't, often do so if I hit Reload a couple of times. The ones that do, often don't load completely (missing graphics, lots of vanilla HTML, that sort of thing). I get the same problems with all of Chrome, Firefox and IE8 so it's not a browser-specific problem. Also I can't connect reliably to my email server. I posted about it in the MBAM PC Help forum: http://forums.malwarebytes.org/index.php?showtopic=75582 because I wasn't convinced it was malware, but didn't get any replies. I suspected my AV software Avast, and posted on the Avast forum too: http://forum.avast.com/index.php?topic=71456.0 At first it seemed I was right to be suspicious - once I uninstalled its behaviour shield, everything seemed to return to normal for a couple of days. The only residual question mark was that I couldn't ping a lot of the websites that I could load, but I now gather a lot of web sites won't respond to ping anymore anyway. Anyway, today the problem returned. I completely uninstalled Avast and removed all traces from the registry, but it made no difference. The considered opinion there is that it is probably a hardware problem. The reason I am now posting here is because I noticed something today that made me a little bit more convinced that the explanation is malware rather than hardware. I noticed that there were 10 new top-level subfolders of my C drive, copies of the folders in my bookmarks toolbar. They had all been created between 00:18 and 00:19 on 19 February. I had a look in event manager and at 00:19:15 I found the following TCPIP warning recorded: "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts." Which all sounds more than a bit fishy to me (given that accessing websites from my favourites toolbar is the main difficulty I'm having). And I struggle to see how a hardware problem could explain it. So I have done the necessary groundwork: - MBAM came up clean - rather than reinstall Avast (because I'm still suspicious that it was implicated somehow), I installed Avira instead. It found 1 hidden object and gave 4 warnings - I ran DeFogger, DDS and GMER in that order. DDS.txt is reproduced below. MBAM, Avira, DDS (attach) and GMER (ark) logs are attached as a zip. Grateful as usual for any assistance. Andy ----- DDS (Ver_10-12-12.02) - NTFSx86 Run by Andy at 21:59:43.06 on 20/02/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1431 [GMT 0:00] AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Nero\Update\NASvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\vVX3000.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Andy\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.co.uk/ BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll mRun: [WINDVDPatch] CTHELPER.EXE mRun: [VX3000] c:\windows\vVX3000.exe mRun: [updReg] c:\windows\UpdReg.EXE mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe" mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe" mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL Trusted Zone: microsoft.com\*.windowsupdate Trusted Zone: windowsupdate.com\download DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://dcode.support.microsoft.com/dcode/ActiveX/MSDcode.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\andy\applic~1\mozilla\firefox\profiles\yam7ukyh.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-GB:official FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-20 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-20 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-20 267944] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-20 61960] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-4 363344] R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-4 20952] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-11 136176] =============== Created Last 30 ================ 2011-02-20 20:22:29 -------- d-----w- c:\windows\system32\NtmsData 2011-02-20 20:18:39 -------- d-----w- c:\docume~1\andy\applic~1\Avira 2011-02-20 20:16:10 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-02-20 20:16:09 -------- d-----w- c:\program files\Avira 2011-02-20 20:16:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira 2011-02-19 00:18:57 -------- d-----w- C:\Hide & seek 2011-02-19 00:18:57 -------- d-----w- C:\e logs.zip
  15. For the last few days, I have been having big problems accessing mail (with Thunderbird) and a lot of web sites (with Firefox and Chrome). Thunderbird usually tells me that it "failed to connect", and both browsers often tell me that they "failed to find" website this or that - for example, Google, Gmail, and Facebook. If Facebook does load, it often comes up dispayed as basic text-only HTML with little or no graphics. On the other hand, some sites load reliably. No pressing reason to suspect malware at the moment - full scans with Avast and MBAM came up with nothing, also scans with GMER, DDS, HijackThis produced nothing obviously untoward. The only question mark I have about possible malware is that when Thunderbird started acting up, I had a look at the SSL-related Mail Shield settings, and I found that as well as the two entries I expected to find, there were two others with only IP addresses for names. I wondered at first if these were related to a new gmail account that I set up recently, but I only access it via browser so (as I understand it) Avast should not be involved with those mails. I kept a close eye on these Mail Shield settings for a day or two, and two more similar entries got added (all IP addresses ending in .78). I have now deleted them all. The only other thing that might be relevant is that three or four weeks ago, the PC started randomly shutting down (which I believe was due to overheating, because it stopped when I replaced a noisy fan and declagged the mobo fan). Then after a couple of days it refused to boot, which I fixed by plugging the hard disk into a different slot on the mobo (I noticed in the BIOS that the name of the slot it was plugged into had become corrupted). Today I had a look in event viewer and found a lot of disk controller-related errors up to 30 Jan, and none since. So I'm presuming that overheating was causing the disk errors, and that problem is now fixed. But I'm wondering if maybe some settings got corrupted in Avast? To be on the safe side, I have disabled the wireless network connection until I figure out what the problem is and fix it (I'm posting this from a different machine). Trouble is, I don't really know where to start. Does anyone have any suggestions, please? I'm going to post this in the Avast support forum too since I have a suspicion that it is implicated somehow.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.