Security Advice Please

By Wobwill · 16 replies
Sep 23, 2007
    Hi,

    Firstly I hope I am posting in the right forum!

    I recently reinstalled Windows XP Pro and made a mess of it and so am going to do it again today.

    My HD is partitioned already. I am hoping that I can reinstall Windows to its partition and still have access to my data etc. on the other partitions.

    My concern is that I may have contracted a virus the last time I reinstalled. I made a real mess of the job and don't know whether I've got a virus or have so badly done the reinstall that software conflicts etc were just screwing everything up.

    I have since read guides from www.radified.com and others and will make a better job of it this time.

    I guess what I am asking is this - how safe is it to carry on installing Windows and not deleting the old partitions? I did make sure that I had a firewall and antivirus installed before I went onto the web and suspect most of the problems I've had are software conflicts.

    Really I want to try and avoid losing my data. Also my Outlook archive and Money file were backed up on an external HD. How likely is it that that would be compromised if I do have a virus? If it is, how do I get back the data on it without transferring the virus to the desktop? (The drive is formatted to FAT32 and I have a laptop running Ubuntu - don't know if I can copy the files to Ubuntu then send them to the internet for checking?)

    Any thoughts would be a help.

  matav

    matav TS Enthusiast Posts: 144

    This is what I would do if I were in your position:
    make a partition only for Windows XP and main programs.
    install Windows XP
    won't open any other drive [since they may have a virus]
    disable my autorun on all drives
    install an anti-virus [from a clean exe installation package, of course]
    update my anti-virus definitions to the latest version
    still won't open any other drive
    scan the other drives for viruses

    safe enough if you know what you do on the computer.

    um... what was your last reason to reinstall Windows? virus or software conflicts?

    just don't execute any executable files.

    yes, you can access the files through Ubuntu.
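
Added example, not part of matav's post or the original thread: a Python sketch of the check-it-from-Ubuntu approach for the external FAT32 drive. It only reads files, flags `autorun.inf`, files Windows would run, and executables hiding behind a data extension, and records a SHA-256 for each so a hash or a single file can be sent for checking. The extension lists and the sample tree built in `demo()` are constructed assumptions.

```python
import hashlib
import os
import tempfile

# Assumed, non-exhaustive: extensions Windows runs, and ones where "MZ" is normal.
RUNNABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".lnk"}
PE_OK = RUNNABLE | {".dll", ".sys", ".ocx"}

def sha256_of(path):
    """Hash a file in chunks. Reading a file never executes it."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()

def triage(root):
    """Map relative path -> (reasons, sha256) for files to scan before use."""
    findings = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            lower = name.lower()
            ext = os.path.splitext(lower)[1]
            with open(path, "rb") as fh:
                is_pe = fh.read(2) == b"MZ"  # Windows executable header
            reasons = []
            if lower == "autorun.inf":
                reasons.append("autorun.inf")
            if ext in RUNNABLE:
                reasons.append("runnable extension")
                if lower.count(".") > 1:
                    reasons.append("double extension")
            if is_pe and ext not in PE_OK:
                reasons.append("executable header, data extension")
            if reasons:
                findings[os.path.relpath(path, root)] = (reasons, sha256_of(path))
    return findings

def demo():
    """Run triage on a constructed tree standing in for the mounted drive."""
    samples = {
        "autorun.inf": b"[autorun]\r\nopen=setup.exe\r\n",
        "backup/archive.pst": b"!BDN constructed sample",
        "backup/holiday.jpg.exe": b"MZ constructed sample",
        "backup/notes.doc": b"MZ constructed sample",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return triage(root)
```

To use it on the real drive, call `triage()` with the drive's mount point on the Ubuntu laptop and print the result; files it does not list are ordinary data by these checks, not proven clean.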
  Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Do you have symptoms of a virus or other malware?

    How did you mess up Windows XP twice?

    What is your level of computer understanding? That is not meant to be mean-spirited, but if you want help, you need to give us some idea of what's happening.

    Are these "quotes" coming from another thread you started? Where?

    It sounds to me like you would be better off getting help dealing with your system instead of throwing it all out-again-in the hope that you will handle it better next time!

    It won't matter how many partitions you have- if you keep it up, you're going to throw the baby out with the bathwater- this means that you're going to lose some things you don't want to.
  jobeard

    jobeard TS Ambassador Posts: 10,432   +801

    If you are considering starting over, then consider the following:
    1. create the system
    2. add a user (eg Master) with admin rights
    3. add another user (JoeUser) with limited rights
    4. use (2) ONLY for installs and IE updates
    5. regularly login as (3) to run programs, email and the browser
    6. be sure to run A FIREWALL
    7. if possible, get your system connection to the Net behind a router
    8. update \windows\system32\drivers\etc\hosts with a suitable file from mvps.org
    9. install Spywareblaster and immunize your system from bad ActiveX software
    10. get ONE Antivirus program and config it to scan your email
    This preinstall planning will save you many hours of grief!

    (if you run QuickBooks, google for current status of running QuickBooks under an LUA user-id)
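
Added example for step 8, not part of jobeard's post or the original thread: a Python check to run over a downloaded blocking hosts file before copying it into place. A blocking entry maps a name to a loopback or unspecified address; an entry that maps a name to any other address redirects it instead and should be read before it is trusted. The sample entries are constructed placeholders.

```python
import ipaddress

def audit_hosts(text):
    """Return (sinkholed names, redirects, malformed lines) for hosts-file text."""
    sinkholed, redirects, malformed = set(), [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:  # an address with no hostname after it
            malformed.append((lineno, raw.strip()))
            continue
        for host in (f.lower() for f in fields[1:]):
            if addr.is_loopback or addr.is_unspecified:
                if host != "localhost":
                    sinkholed.add(host)
            else:
                # A routable address sends the name somewhere real: not a block.
                redirects.append((lineno, host, str(addr)))
    return sinkholed, redirects, malformed

# Constructed sample in hosts-file format; names and addresses are placeholders.
SAMPLE = """\
# constructed blocklist sample
127.0.0.1  localhost
127.0.0.1  ads.example.com   # inline comment
0.0.0.0    tracker.example.net banners.example.net
203.0.113.7  update.example.org
ads2.example.com
"""

def demo():
    """Audit the constructed sample."""
    return audit_hosts(SAMPLE)

if __name__ == "__main__":
    blocked, redirected, bad = demo()
    print(len(blocked), "names sinkholed")
    print("redirects to review:", redirected)
    print("malformed lines:", bad)
```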
  Wobwill

    Wobwill TS Member Topic Starter Posts: 47


    Thanks for getting back to me guys.

    'um... what was your last reason to reinstall Windows? virus or software conflicts?'

    I initially had xp home and was getting some software conflicts - in that windows was becoming unstable, taking ages to shut down, dll errors, programs not closing, that kind of thing.

    'What is your level of computer understanding?'

    I would describe myself as a keen beginner, I know enough to know that I don't know very much at all - if that makes sense. I google error messages for fixes and post on forums like this one (usually this one actually) then apply the fixes I find. I (like most) have had no formal training in IT.

    I have now installed XP Pro for the second time on my desktop and things are working much better. I think my problem first time round was more my own anxiety than anything else. I had installed loads of software that came with the various CDs and ActiveSync 4.5 and was having difficulty shutting down again, also I just didn't think I'd done a very good job!

    I then thought that it would be better to start from scratch than muck about trying to fix problems that I don't really understand. Therefore I did that and made sure I followed the guide at www.radified.com more carefully.

    I did as matav suggested and ran Avast with latest definitions prior to connecting to the internet and found nothing on any of the partitions. I have not yet attached my external drive but hope that this will also be ok.

    So I now have a system that is running well apart from a c00000a3 error at start up that I suspect is a sound card conflict. My Mobo has integrated sound and I have a Cmedia card as well. I have installed the drivers for both.

    I shall install a program called The Ultimate Troubleshooter from the guys at www.answersthatwork.com and see if that resolves the issue. If not I'll uninstall the driver for the integrated sound. If that doesn't work I'll uninstall the driver for the Cmedia card. If that doesn't work I'll post in a new thread here! :)

    I hope that explains my situation more clearly - especially the bit about letting my anxiety and thoughtlessness allow me to get into trouble on the first install.

  Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thank you, Will. That gives me a much better idea of what's going on.

    I highly recommend The Ultimate Troubleshooter- TUT for short. I have used this for several years with great success. You can open the program at any time and see exactly what is running on the system at that time. You will get a description and recommendation as to whether to leave it running. You can access almost everything on the system from TUT- Services, msconfig- you can also do "Housekeeping". There are so many utilities that are useful.

    In any operating system that is new to us, it is best to go slowly, learn the OS first before loading a slew of software that will have to be dealt with. That would give more potential for conflict. One of the best troubleshooting tools in Windows XP is the Event Viewer. This holds logs of all System, Application and Security Events- the good and the bad. This is in the Administrative Tools found in the Control Panel.

    Now, you throw out part of an error message- c00000a3- and say it's likely your sound card? Why is that? Using only this one string, I find the error related to Outlook. So whenever giving an error message it is imperative that 1. you give the entire error message and 2. you tell us what you were doing when the message came up.

    This is one of the times the Event Viewer would be helpful. You can look for Errors at the same time the message came up to try and pin point the causes:

    Follow this path:
    Control Panel> Administrative Tools> Event Viewer> Click on System & Apps, one at a time on the left> look for Errors on the right> right click error> Properties> note description of error, Event# and Source.

    There is a "copy" button below the up/down arrows. Click that, then go to any place that allows you to type (ie. notepad, wordpad, this board) and you can paste (use CTRL-V) the entire event details there. It makes for easy reporting of the event.

    Or you can use these sites:

    If you want to paste the Event here, you do not need to include the lines of code that follow the Description- but paste all else.
  Wobwill

    Wobwill TS Member Topic Starter Posts: 47

    Hi Bob,

    Thanks for getting back to me, and the advice! :)

    The error goes as follows

    at start up (and in my case at no other time)

    I get the following

    Windows - Drive not ready

    Exception processing message c00000a3 parameters 75b6bf9c 4 75b6bf9c 75b6bf9c

    This has varied from appearing once, twice or three times on start up (three button choices - cancel, retry and continue - I choose continue)

    I did what you suggested and looked in the error viewer, but I couldn't find anything that looked as though it related to this message. I didn't look very hard though as I had to go to work - where I'm posting from now (in a quiet moment).

  Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

  Wobwill

    Wobwill TS Member Topic Starter Posts: 47


    attached is a copy of the Event Viewer Log for the system tab that relates to the error we are discussing.



  Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thank you. You will have to determine which of the following best relates to your specific system. Work through, one at a time, if you cannot choose one:

    Application popup: System process-lost delayed write data: the system was attempting to transfer file data from Buffers to <network share>. The write operation failed and only some of the data may have been written to the file

    This problem can occur due to a defective network hardware, such as a hub or cable:
    Error Messages Indicate Web Proxy Service Is Stopped Because of Logging Failure:
    Cluster Disks May Be Incorrectly Accessible from All Nodes:

    Handle this separately:
    Windows - Drive not ready
    Exception processing message c00000a3 parameters 75b6bf9c 4 75b6bf9c 75b6bf9c

    Does the exception occur when you are using your CD drive? If so, the drive probably needs replacing.
    This may be caused by Security update KB925902. Here is the patch that fixes this:
  Wobwill

    Wobwill TS Member Topic Starter Posts: 47


    sorry I haven't been online for a few days. I've been working nights and have had a load of stuff on in the days that has kept me away from my computer - anyway I'm back now.

    I have worked through the fixes you have suggested - none seem to apply to me - except that I have Samba set up on an Ubuntu laptop and wonder whether this might be interfering and causing the error.

    What makes me doubt this is that the error occurs on start up and often the laptop is off.

    I have also downloaded and applied the windows KB925902 patch - this has made no difference to me.

  Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, we back up:
    Look in the Event Viewer for an ERROR- probably similar to this:
    Event Type: Error
    Event Source: System Error
    Event Category: (102)
    Event ID: 1003
    Time: User: N/A
    Error code 00000019, parameter1 00000020, parameter2 82cbd670, parameter3 82cbd680, parameter4 0a020008.

    I need this to coordinate with the Information Event you gave. You have twice given me an Information Event. I need the ERROR Event.
  Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Will, I overlooked the comment about Samba and Ubuntu. You have a lot going on here! Two operating systems and apparently neither running well.

    I am not experienced in either Samba or Ubuntu. But I will help on the Windows connection. I read your previous posts and it appears you have recently installed Ubuntu on an old laptop with a new hard drive. Is this correct? And you are using the Samba protocol for the network?

    Is the network working okay ? And did the current problem begin after you set the network up using Samba?
  Wobwill

    Wobwill TS Member Topic Starter Posts: 47

    Could it be Activesync?

    Hi Bob,

    Have gone through the event viewer and hope that my untrained eye hasn't missed anything.

    I've attached what I think might be relevant. I could not find an Error that matched or came close to the suggestion you gave.

    I will keep on looking.

    As an aside - I am getting a lot of SideBySide errors (events 59 and 32). A quick google showed these as a missing language .dll or something that appears to relate to ActiveSync according to this thread


    My thinking is that when the computer is trying to set up my girlfriend's user account at start up there is some kind of conflict with ActiveSync that gives the 'drive not ready' error message in my user account (admin).

    Don't know if that makes sense.

  Wobwill

    Wobwill TS Member Topic Starter Posts: 47

    I am running Samba on the laptop and I think that it is the network protocol. It was working before I reinstalled windows and windows was mapping the samba drive on the ubuntu box. I say that it was working - I was unable to see anything on the XP box via samba, but I could save files from XP into the samba drive.

    I think that I will need to reconfigure samba on the ubuntu box to fit with the current settings on XP. I was going to get around to that after sorting this problem out.

    I don't think that the current networking issues between ubuntu and XP via samba are the problem - but as the error is 'drive not ready' I could be very very wrong!

    The reason I don't think that Samba is the problem is that currently the settings in Samba don't match the settings in XP at all. I have not tried to Map the Network drive in XP to link it with Samba, and the error occurs whenever the XP box is started - regardless of whether the laptop is on or not.

    However as I type I am thinking that reconfiguring Samba might be a good idea - just to see if it works.

  Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Will, we aren't getting anywhere with you giving me new pieces of information each time you post. Had you 'mentioned' the SideBySide Errors, I would have sent you right over to the Security Forum to run HijackThis. You have Adware- that's what SideBySide does. You need to proceed with HijackThis as instructed and get help for the malware.

    Additionally, it appears you either have or may have some mobile devices connected to or trying to connect to your computer. This is an ActiveSync problem.

    Rather than continue with each new piece of info as you give it, please do as instructed with the HijackThis program. After running that and cleaning up the system, deal with the ActiveSync problem.
    ActiveSync is a synchronization program developed by Microsoft. It allows a mobile device to be synchronised with either a desktop PC, or a server running Microsoft Exchange Server or Kerio MailServer. Only Personal information manager (PIM) data (Email/Calendar/Contacts) may be synchronised with the Exchange Server. (Tasks may also be synchronised with Exchange Server on Windows Mobile 5.0 devices.) The PC synchronisation option, however, allows PIM synchronisation with Microsoft Outlook, along with Internet "favorites", files, and tasks, amongst other data types. Supported mobile devices include PDAs or Smartphones running Windows Mobile, or the Windows CE operating system, along with devices that don't use a Microsoft operating system, such as the Symbian platform. ActiveSync also provides for the manual transfer of files to a mobile device, along with limited backup/restore functionality, and the ability to install and uninstall mobile device applications. From Wiki.

    Then please see this Windows Mobile Worldwide site for particulars:Event Type:

    "Adware.SideBySide directs web searches to sidebysidesearch.com, and displays pop-up ads."
    The SideBySideSearch installer must be executed.

    The two related Events #56 & 32 may be as follows:
    The Event#32 can occur in conjunction with EventID 59 from source SideBySide and it is caused by an application that was not packaged with all of the necessary runtime files-sometimes. caused by the Logitech SetPoint software and was solved by getting the appropriate C++ 2005 Runtime Library Package. But the Adware is still present.

    I'm not sure what all you are dealing with here. Looks like software problem, adware problem, mobile device problems.
  Wobwill

    Wobwill TS Member Topic Starter Posts: 47

    HJT logfile.


    Thank you for all the help you've given me so far. I have attached an HJT logfile.

    I hope this gives a clearer picture of what is going on with my system.

    There is another issue that I am waiting to get resolved as well. I have both Acronis Disk Director Suite 10 and True Image 11. I have had DDS for a while and only got TI recently. When I installed it, it deactivated DDS. I have since reactivated DDS, but that has deactivated TI. I am waiting for Acronis tech support to get back to me on what to do.

    I know that there is a lot going on here, and I got from the last post that it is frustrating for people as I am not giving enough of the right info to give a clear picture of what is going on.

    If there is anything else I can do to give clear info please let me know.

