XP SP3 PC Acting Strange

Get your PC tech problems solved here. Quick response time.

Moderator: The Mod Squad

XP SP3 PC Acting Strange

Postby c327 » Sat Feb 14, 2015 5:30 am

Hello All,

OK here goes.....

This concerns a quality custom built Intel based PC with XP Pro SP3 installed and a Microsoft wired keyboard and mouse. IE8 & Google Chrome installed and using OE6 and Google Email.

6 months ago my wife asked for here own email address which I complied with but with some reservations cautions :roll:

Now 6 months later I noticed the PC running a little slow so I ran Malwarebytes, Super Anti Spyware and AVG with System Restore turned off but in normal mode just to get an idea what if anything was going on.

Results of preliminary scans:

AVG - Good
Super Anti Spyware - Good
Malwarebytes - 3 malware & 640 pup.optional.mindspark.A

Now I'm getting nervous :idea:

I shut down the PC and rebooted attempting to get into Safe Mode via the keyboard F8 but it would not go and went right into Windows.

I went to msconfig and got into Safe Mode that way and ran Super Anti Spyware again, still nothing returned. I then ran Malwarebytes again and it again picked up the 640 pup's which I deleted. I figured it would be OK now but on a reboot still unable to get into Safe Mode via the keyboard, also found out I am unable to get into the BIOS via the keyboard Delete Key (didn't try F2)

The Delete Key works fine under normal PC delete uses but not into Safe Mode.

Tried to get drivers for the old Keyboard but MS no longer supports XP which we all know. I did find some drivers for a MS Keyboard similar to the one I am using stored in some files of mine and installed them but still no Safe Mode via the Keyboard.

So here comes the questions:

1) Having deleted the pup's through Malwarebytes in Safe Mode and System Restore OFF have the Pup's been actually completely removed?

2) I will try another Keyboard but I have a feeling that is not the problem. If not the Keyboard what may be causing the Keyboard not being able to get into Safe Mode & the BIOS by typing Delete or F8 Keys?

Not Related:

Trying to hold out for Windows 10 which I gather won't be available until October and then will switch out the disk HDD for a SSD and a new OS.

Thanks You
“Respect cannot be learned, purchased or acquired - it can only be earned” "Pay It Forward"
c327
Black Belt 4th Degree
Black Belt 4th Degree
 
Posts: 4388
Joined: Fri Feb 27, 2004 1:01 am
Location: Saint Augustine Florida

Re: XP SP3 PC Acting Strange

Postby Karlsweldt » Sat Feb 14, 2015 8:27 am

What model of MS keyboard is this? Special function keys plus the standard ones? Should not need drivers, unless the keyboard is high-level CAD type.
The trick to getting into the BIOS is either the [delete] key, or [F2] or [F10] (some models) just before the POST info is finishing. Later than that, and the bootstrap is in effect and locks entry to the BIOS.
The [F8] key has to be pressed after the POST info is shown, just as the bootstrap finishes. Once the "loading" bar shows, too late. Holding the [shift] key should also bring up the start options, if held down just before the POST info finishes.
If all your anti-malware finds nothing, likely the signature is not found in the data to indicate such. AVG and other antivirus software do delve deeper into the data to find specific traces that may indicate a PUP (potentially unwanted program).
That "mindspark.A" is a nuisance adware program.. and should be removed. Here is a link to MS as to how to do so..
http://answers.microsoft.com/en-us/prot ... 5d6ac72ab9 or go directly to the page link.. http://malwaretips.com/blogs/pup-option ... k-removal/
Set the AVG 'privacy' tab tic as to "Do not tell sites anything about my browsing".
Some pop-up windows are inevitable, and the only safe way to close them is from the task bar.. clicking that [X] box may only load the malware into your system!
As a rule, any site with a lot of pop-up ads should be avoided.
F@H.. to solve mankind's maladies.. in our lifetimes!
Karlsweldt
Mobo-fu Master
Mobo-fu Master
 
Posts: 20662
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438

Re: XP SP3 PC Acting Strange

Postby c327 » Sat Feb 14, 2015 10:20 am

Karlsweldt wrote:What model of MS keyboard is this? Special function keys plus the standard ones? Should not need drivers, unless the keyboard is high-level CAD type.
The trick to getting into the BIOS is either the [delete] key, or [F2] or [F10] (some models) just before the POST info is finishing. Later than that, and the bootstrap is in effect and locks entry to the BIOS.
The [F8] key has to be pressed after the POST info is shown, just as the bootstrap finishes. Once the "loading" bar shows, too late. Holding the [shift] key should also bring up the start options, if held down just before the POST info finishes.
If all your anti-malware finds nothing, likely the signature is not found in the data to indicate such. AVG and other antivirus software do delve deeper into the data to find specific traces that may indicate a PUP (potentially unwanted program).
That "mindspark.A" is a nuisance adware program.. and should be removed. Here is a link to MS as to how to do so..
http://answers.microsoft.com/en-us/prot ... 5d6ac72ab9 or go directly to the page link.. http://malwaretips.com/blogs/pup-option ... k-removal/
Set the AVG 'privacy' tab tic as to "Do not tell sites anything about my browsing".
Some pop-up windows are inevitable, and the only safe way to close them is from the task bar.. clicking that [X] box may only load the malware into your system!


As a rule, any site with a lot of pop-up ads should be avoided.


This is a MS wired keyboard model 600. Been using it for years on this same PC. I know how to get into the bios and safe mode it's just the keys won't work when trying to do it. Could there still be a nasty hidden some place that is causing it?

The only thing I have not done is to zero out the swap file or run F Secure Black Light.

I ran Malwarebytes and Super Anti Spyware again this morning in Safe Mode and AVG in Normal mode and all came back clear. Could the OS be damaged to some degree that would cause this? Other than this issue the PC runs good and much better since clearing out that junk I found.

Thanks.......
“Respect cannot be learned, purchased or acquired - it can only be earned” "Pay It Forward"
c327
Black Belt 4th Degree
Black Belt 4th Degree
 
Posts: 4388
Joined: Fri Feb 27, 2004 1:01 am
Location: Saint Augustine Florida

Re: XP SP3 PC Acting Strange

Postby c327 » Sat Feb 14, 2015 12:51 pm

Karlsweldt wrote:What model of MS keyboard is this? Special function keys plus the standard ones? Should not need drivers, unless the keyboard is high-level CAD type.
The trick to getting into the BIOS is either the [delete] key, or [F2] or [F10] (some models) just before the POST info is finishing. Later than that, and the bootstrap is in effect and locks entry to the BIOS.
The [F8] key has to be pressed after the POST info is shown, just as the bootstrap finishes. Once the "loading" bar shows, too late. Holding the [shift] key should also bring up the start options, if held down just before the POST info finishes.
If all your anti-malware finds nothing, likely the signature is not found in the data to indicate such. AVG and other antivirus software do delve deeper into the data to find specific traces that may indicate a PUP (potentially unwanted program).
That "mindspark.A" is a nuisance adware program.. and should be removed. Here is a link to MS as to how to do so..
http://answers.microsoft.com/en-us/prot ... 5d6ac72ab9 or go directly to the page link.. http://malwaretips.com/blogs/pup-option ... k-removal/
Set the AVG 'privacy' tab tic as to "Do not tell sites anything about my browsing".
Some pop-up windows are inevitable, and the only safe way to close them is from the task bar.. clicking that [X] box may only load the malware into your system!
As a rule, any site with a lot of pop-up ads should be avoided.


OK thank you for the links.

I did visit two of them. The CMD prompt came back clean the other one returned about 5 items which I removed. Also ran FSecure Black Light and it came back clean. Ran Malwarebytes again and it returned 10 more pup's. Seems like I had or have the whole kennel here. I removed them also.

I tried booting to safe mode and still no good via the keyboard. The PC seems clean and it is more responsive than before.Ran AVG in Normal Mode again and it came back clean. I ticked to not allow 3rd party cookies which sometimes can be a pain in the butt, but I did it any way.

Now what. What about the OS being damaged some place? The PC runs fine other that the Safe Mode/Keyboard issue???

Thanks
“Respect cannot be learned, purchased or acquired - it can only be earned” "Pay It Forward"
c327
Black Belt 4th Degree
Black Belt 4th Degree
 
Posts: 4388
Joined: Fri Feb 27, 2004 1:01 am
Location: Saint Augustine Florida

Re: XP SP3 PC Acting Strange

Postby Karlsweldt » Sat Feb 14, 2015 5:08 pm

You could run msconfig from the 'run' prompt and see what is possibly causing problems, if in the start lineup.
Also check "Add or Remove Programs" from the Control Panel. Might be something listed there that is not desired.
The Task Manager also might show something "extra" that is suspicious. For a 'lean and clean' system, should be maybe 50 or less active apps running. More than that, and the system is burdened. Turn off any "finder" programs or dump them. Same for any "IM" features. Email notices? Kill off, unless part of a business need!
F@H.. to solve mankind's maladies.. in our lifetimes!
Karlsweldt
Mobo-fu Master
Mobo-fu Master
 
Posts: 20662
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438

Re: XP SP3 PC Acting Strange

Postby Mark H » Sat Feb 14, 2015 6:10 pm

Might also want to run "HijackThis",and post the results here. If it looks like a virus or other nasties, a mod can move the thread.
I have a photographic memory, only problem is, I ran out of film.
Mark H
Black Belt 1st Degree
Black Belt 1st Degree
 
Posts: 1911
Joined: Fri Dec 29, 2000 1:01 am
Location: Reading the forums, where else?

Re: XP SP3 PC Acting Strange

Postby c327 » Sun Feb 15, 2015 4:42 am

Mark H wrote:Might also want to run "HijackThis",and post the results here. If it looks like a virus or other nasties, a mod can move the thread.


I will do this..........
“Respect cannot be learned, purchased or acquired - it can only be earned” "Pay It Forward"
c327
Black Belt 4th Degree
Black Belt 4th Degree
 
Posts: 4388
Joined: Fri Feb 27, 2004 1:01 am
Location: Saint Augustine Florida

Re: XP SP3 PC Acting Strange

Postby c327 » Sun Feb 15, 2015 5:17 am

Karlsweldt wrote:You could run msconfig from the 'run' prompt and see what is possibly causing problems, if in the start lineup.
Also check "Add or Remove Programs" from the Control Panel. Might be something listed there that is not desired.
The Task Manager also might show something "extra" that is suspicious. For a 'lean and clean' system, should be maybe 50 or less active apps running. More than that, and the system is burdened. Turn off any "finder" programs or dump them. Same for any "IM" features. Email notices? Kill off, unless part of a business need!


Something is very wrong with this PC:

1) I opened the Task Manager on the desktop screen and the Task Manager is completely blank no nothing just a square white page and freezes. The only way I can get it off the screen is by clicking the icon in the Systems Tray.

2) I went through the add/remove program list and deleted anything that was unwanted or didn't belong there.

3) I run a Selective Start-up with the bare minimum being ticked.

4) This all seemed to be noticed since I found out that this PC had over 640 pup's on it :o

5) There may be more things going on with this PC's performance than I am aware of. It seems the more I check the more I find wrong.

6) Just a wild uneducated PC guess of mine is that the O.S. is damaged, corrupted or missing something? I point to this because the PC appears not bloated and clean with 90% free space remaining on this Seagate HDD. AVG, Malwarebytes, Super Anti Spyware, CCleaner and FSecure Black Light have all been run at least 3 times with System Restore turned off and in both Safe Mode and Normal Mode and as of the last time they were all ran all came back completely clean but yet all of the known problems still remain. (can't get into Safe Mode or BIOS via the keyboard. Task Manager freezes with nothing but a blank page).

7) There are no warnings or pop-ups that report something being missing or wrong.

8 I don't use IM and I don't keep an address book on the PC.

9 Not a newbie and not a tech guy either when it comes to PC's just an an advanced home PC user and as such I have tried all that I know and can't factually say so and so is causing this. I realize that a clean install would correct all this but unfortunately for me XP anything has long been discontinued and no longer supported. By reloading XP Pro SP3 from my Windows CD will do just that but I will not be able to get the 1 million hot fixes that also need to be installed afterwards. So this is where I am at. What are my options and what do you folks suggest? October is a long way off for Windows 10. For general use this PC still functions which makes what I do about all this more difficult.

NOTE:

Found the problem with the Task Manager being blank and freezing, I had it in the wrong view mode. It shows 45 processes and 1 % CPU use.

Hi Jack This Log:

As you can see there isn't really that much on this PC but that doesn't mean what is on it is good.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:23:29 AM, on 2/15/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)


Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\XXXXXX\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Intel Corporation - C:\WINDOWS\system32\IProsetMonitor.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\JIMDAN~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7352 bytes

Thank you ..................Mark
“Respect cannot be learned, purchased or acquired - it can only be earned” "Pay It Forward"
c327
Black Belt 4th Degree
Black Belt 4th Degree
 
Posts: 4388
Joined: Fri Feb 27, 2004 1:01 am
Location: Saint Augustine Florida

Re: XP SP3 PC Acting Strange

Postby Karlsweldt » Sun Feb 15, 2015 7:18 am

You could run the SFC process, doing a mild repair.. replacing corrupt files.. http://www.microsoft.com/resources/docu ... x?mfr=true
If hat does not fix the issue, then hopefully there is a restore point before the problem started, which may still be valid.
Doing a "repair" operation from booting to the OS install disk may cure the problem, but also may undo a lot of updates.
But I note you have several 'spell checkers' active. One should be sufficient.
There were more than 300 security updates for Win XP. Very few could be uninstalled, and the entire lot may still be in the parent folder.. with names such as "$NtUninstallKB2779562$". Here you can get all the "KB" update titles needed.
http://www.microsoft.com/en-us/download ... x?id=35809 Change the string name for each update. Yes, tedious process.. but a last resort.
IE8 is not considered secure enough, and not honored by most Web sites now. But is an integral part of Windows. Set a different browser as default.
F@H.. to solve mankind's maladies.. in our lifetimes!
Karlsweldt
Mobo-fu Master
Mobo-fu Master
 
Posts: 20662
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438

Re: XP SP3 PC Acting Strange

Postby Mark H » Sun Feb 15, 2015 10:09 am

Remember this post? viewtopic.php?t=120888
I have a photographic memory, only problem is, I ran out of film.
Mark H
Black Belt 1st Degree
Black Belt 1st Degree
 
Posts: 1911
Joined: Fri Dec 29, 2000 1:01 am
Location: Reading the forums, where else?

Next

Return to Tech Support

Who is online

Users browsing this forum: No registered users and 2 guests