Posts by DMR

Hello Pedro 3,

For one thing: If you removed the CPU (and/or RAM modules) from the motherboard, then yes- you will definitely get a different "Beep Code" than the one you originally got.
BIOS beep codes relate to the installed hardware, so if you change any of that hardware, you will get different beep codes.

You said that you originally got 3 beeps; did those beeps repeat at a certain interval, or did you just get 3 beeps and nothing further?

Hi ChargrO,

Hardware could certainly be at the root of the problem, especially given that you've already done a full reformat/reinstall.
On the other hand though- if your Dad installed/reinstalled any programs after you did the full OS reinstall, he might well have reintroduced a software-related problem.

If you can, please give us as many details about the problem as possible (the system's hardware/software specs, the full and exact text of any error messages that you've received, etc.), OK?
Basically- the more information that you can give us up front, the faster we can help you resolve the problem.

It sounds as though you may be unfamiliar with the relationship between files and the filesystems on which they are created.

In your scenario, although technically it certainly is altered from the original, the copy of the file made under such circumstances is hardly "worthless"; the substantive data in the file (the data with which users and applications are usually concerned) is still intact.

Take, for example, a Word document created on a Windows machine whose hard drive is formatted with the NTFS filesystem. This Word file can obviously be copied via floppy, CD, etc. to a Mac computer using the HFS+ filesystem and opened/edited/saved/printed/etc. in that Mac's version of Word.
From the user's perspective, the file is a perfectly usable copy of the .doc file created on the PC, right?

During such a transfer though, certain filesystem-specific metadata (like NTFS permissions, for example) will get discarded, as the target HFS filesystem has no need (and often no understanding) of that metadata. Just as a point of interest, note that certain Mac-specific metadata will actually get added to the file once it is living on the Mac's HFS drive, as a Mac file is usually comprised of two forks (the Mac equivalent of Alternate Data Streams): a data fork, and a resource fork.

These "translation" issues are just the (mostly) unavoidable effects of transporting/transferring files between disparate filesystems, given that metadata (such as Alternate Data Streams, Forks, Extended Attributes, Permissions, etc). are usually specific to …

my internet connection seems to be spottier than usual after I took out my ethernet card and then put it back in.

I'd try:

1. Opening the case again and double-checking that all cards/cables/etc. are properly and firmly inserted.

2. Updating the drivers for the network card(s); because of the reinstall, you are now using the original Windows drivers again.

What do I do next?

Why- you celebrate, of course.... [IMG]http://www.stevewolfonline.com/Downloads/DMR/Visuals/Smilies/party.gif[/IMG]

SmitfraudFix looks to have done its job, and your latest HijackThis log is clean. :)

Does everything seem to be running properly now?

We're not done yet- many of the infections were cleaned, and the symptom may have been removed, but pieces of the nastiest one (a Smitfraud/SpySheriff variant) are still active.

This is normal, as the Smitfraud infections need to be removed with a specific tool and procedure. A download link to the SmitfraudFix tool and instructions for its use can be found here. Please follow the instructions fully and carefully.

When you have completed the removal procedure, please run HijackThis again and post the new log here. Also post the contents of the SmitfraudFix report log, which is named rapport.txt; it will have been created in your root (C:\) folder.

... Changed the AGP Aperture...

You've got to be kidding... that bit of techno-voodoo actually worked??!! [IMG]http://www.stevewolfonline.com/Downloads/DMR/Visuals/Smilies/eek3.gif[/IMG]

There are a few different infections which display bogus alert warnings, let's see if we can find out which variant you have.
Please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.

1. Download ATF-Cleaner and save it to convenient location.

2. Download the free version of AVG Anti-Spyware (formerly ewido). Save the installer file to your desktop or any convenient folder.

* Run the installer, accepting the default options. Run the program once installed, click on the Update icon at the top of the main AVG window, and allow the program to download the most current components.

* Close AVG once the updates have been downloaded.

3. Run another HiajckThis scan, put a check in the boxes to the left of the following entries, and then click the "Fix checked" button. Close HijackThis once it completes its fixes:

R3 - URLSearchHook: ScriptInocUI Class - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\iMediaCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [w03c6cb0.dll] RUNDLL32.EXE w03c6cb0.dll,I2 00011aaa003c6cb0
O4 - HKLM\..\Run: [w001cdbb.dll] RUNDLL32.EXE w001cdbb.dll,I2 00011aaa0001cdbb
O4 - HKLM\..\Run: [w06e9a83.dll] RUNDLL32.EXE w06e9a83.dll,I2 00011aaa006e9a83
O4 - HKLM\..\Run: [w1b8e5c0.dll] RUNDLL32.EXE w1b8e5c0.dll,I2 00011aaa01b8e5c0
O9 - …

I've heard of people resolving this exact issue by changing such seemingly unrelated BIOS settings as the AGP Aperture, or simply trying the reinstallation again and again until it worked. I'm not suggesting that you do these things; I'm just bringing up the fact that the "32 minute" stall is an irritating problem for which there hasn't seemed to be one single solution.

Maybe we can glean something illuminating from your system specs; can you post as many details on your system's hardware configuration as possible please?

I disabled something that said "Onboard SiS900 Lan DEVICE"

That would be it, unless you have an add-in PCI Ethernet card or a wireless networking card. If so, remove those as well.

So I go into BIOS setup and disable any USB or Firewire devices

No, only disable Firewire (IEEE 1394) devices; you should leave USB settings alone.

Having a Windows installation stall at 32 minutes left, while "installing network" is not totally uncommon. You can:

1. Disable any on-motherboard network and firewire adapters via the BIOS setup. Re-enable them after the Win setup completes.

2. Physically remove all PCI network adapters from the computer. Reinstall them once the Win setup completes.

Very good- let us know how the reinstall goes... :)

Recover console overview and usage:
http://www.kellys-korner-xp.com/win_xp_rec.htm

You can try running a "Repair" installation from the XP boot disk if you haven't tried that already. Instructions are here.

You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.

1. Your Norton is useless if it expired that long ago, but you do need to have a good A-V program installed. Please uninstall Norton and download/install AVG antivirus 7.5. The program (and its updates) are entirely free for personal use, and in all honesty I've found AVG to be a better program than Norton in many ways.

2. Disable System Restore. Instructions for doing so (and an explanation of why you are doing it) are given here.

3. Your latest log indicates that you have not fully disabled SpyBot's Tea Timer feature. Please do that now; Tea Timer will block the fixes we are trying to perform!:

Open SpyBot, open the Tools menu on the right pane and click on Resident and uncheck Resident "Tea timer"(Protection of over-all system settings) active. Exit SpyBot once you have finished.

4. Please download the Killbox by Option^Explicit and save it to your desktop or another convenient folder.

5. Close all running instances of Internet Explorer.

6. Run another HijackThis scan and have it fix the following entries (note that not all of the entries may be present in Safe Mode). Close HijackThis once …

OK- Install the most current updates for Norton and run a full system scan with it. Have it fix everything it finds.

There is some hidden component of the PCShield infection which is recreating the other components after we delete them, but the next step will have to wait until tomorrow- it's 11:55 PM here, and I need to sleep.................

1. Hmm... when/why did you uninstall Norton Antivirus? It was present in your first log, but not your latest. :?:

2. I think SpyBot's "Tea Timer" function may have gotten in the way of the fixes I last posted. Please do the following:

* Open SpyBot, open the Tools menu on the right pane and click on Resident and uncheck Resident "Tea timer"(Protection of over-all system settings) active. Exit SpyBot once you have finished.

* Open AVG anti-spyware and verify that it has the most current updates installed. Don't run a scan yet; just close the program once you've verified that it is current on its updates.

* Download the attached nrp64eFix.zip file and save it to your desktop.
* Right-click on the downloaded nrp64eFix.zip folder and choose the "Extract all..." option from the resulting drop-down menu. This will start Windows' Folder Extraction Wizard. Click the "Next" button to start the wizard.
* In the next window, verify that the target extraction folder is C:\Documents and Settings\Neil Patel\Desktop\nrp46eFix. If not, click on the "Browse" button, and in the destination selection box, hilight Desktop and then click "OK".
* Click "Next", and then click "Finished"; a window dispaying the newly-extracted nrp46eFix.bat file should open; don't run the file yet; just close the window.

* Reboot the computer into Safe Mode.

* Run another HijackThis scan and have it fix the following entries …

nrp46e-

I haven't forgotten the main issue here, but I'm only on my lunch break right now and don't have time to post the next steps for you; I'll do that later today.

is viewpoint manager spyware?
viewpoint media player came preinstalled on my dell...

Viewpoint is rarely knowingly downloaded and installed by the end-user; it usually comes bundled as an add-on to other sofware installations, or comes pre-installed on computers from companies with whom Viewpoint and/or its affiliates have a marketing agreement. Dell, HP/Compaq, and AOL are three such companies.
Although their FAQ states that Viewpoint is:

"Required with installation of AOL, AIM, current versions of the Netscape web browser, certain Adobe products, and some retail computers sold today."

It is not required in those instances, although it may be needed for some AOL features/extras (although not for the main AOL programs themselves). There are obvoioulsy many other programs/plug-ins capable of playing web media content.

Viewpoint Manager is the automatic online update component of the Viewpoint media player software. While Viewpoint doesn't collect personally identifying information about you via ViewMgr.exe, their privacy policy states this:

Viewpoint collects limited anonymous information in connection with its search and advertising products that your browser makes available whenever you visit a website. This information includes your browser type, browser language, referrer URL, the date and time of your search query and your operating system. We may use one or more cookies that may uniquely identify your browser.

and this:

"We may share aggregated anonymous information with others in general compliance with industry standards. An example of aggregated data that we may share in this way includes the number …

Hi nrp46e- welcome to DaniWeb :)

You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.

1. Open your Add/Remove Programs control panel and uninstall the following programs if you find them listed:

* all Wild Tangent software
* PCShield
* Viewpoint Manager

2. Download ATF-Cleaner and save it to convenient location.

3. Download the free version of AVG Anti-Spyware (formerly ewido). Save the installer file to your desktop or any convenient folder.

* Run the installer, accepting the default options. Run the program once installed, click on the Update icon at the top of the main AVG window, and allow the program to download the most current components.

* Close AVG once the updates have been downloaded.

4. Close all running instances of Internet Explorer.

5. Scan with HijackThis again, put a check in hte box to teh left of the following entries, and then click the "Fix checked" button. Close HijackThis once it completes its fixes:

O2 - BHO: (no name) - {B33359D5-C6BC-4CDE-C58E-582CB8AE1D24} - C:\WINDOWS\system32\jboexihc.dll
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PCShield] regsvr32 /s C:\WINDOWS\system32\sfg.dll
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\

If the state of your system allows:

You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.

* Uninstall the BSecure popup blocker (at least temporarilly), as the following HJT log entry indicates that a component of that software is missing or corrupt:
O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing

* Close all open instances of Internet Explorer!

* Run another HijackThis scan, put a check in the boxes to the left of the following entries, and then click the "Fix checked" button. Close HJT once it completes the fixes:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted …

Outlook Express doensn't have a lot of firepower when it comes to filtering/spam blocking, but you can create a Mail Rule which filters based on the sender's name. One common trait I saw with my client's bogus emails was that the sender was always some variation of the usual "undeliverable" mail server auto-responder, so filtering out the sender names "Mailer-Daemon" and "Delivery subsystem" should block most (if not all) of the messages.

Someone suggested that I copy and past the Hijack This file since I couldn't upload it. Here it is.

Thanks for doing that- we actually prefer that members paste their logs directly into their posts; it makes it easier and faster for us to review the log that way.

1. I'd suggest uninstalling the SpyHunter software, as it has a history of questionable practices and mediocre (at best) performance. See this note for more info about that.

2. Your log's contents show nothing malicious, but if your problem is just a question of "broken" shortcut associations, a HJT scan wouldn't detect that kind of corruption. If this a problem with all/any shortcuts, try running the LNK (Shortcut) File Association Fix utility found on this site. If the problem only occurs with certain shortcuts, please tell us which programs the shortcuts are associated with.

or is someone else just using my email address to generate these

I just worked through this issue with one of my clients last week, and we found that the "Mailer Daemon", "Failed Delivery", etc. messages were indeed coming from the outside, and were forged. They were not the result of malicious activity on his computer; his system was 100% clean.

If you're getting enough of these incoming emails to bother you, your only choice is to filter them as Spam; the exact method of filtering will obviously depend on your particular mail software/setup. You shouldn't have the filter software automatically delete them though, as you will occasionally get valid "undeliverable" messages in response to emails which you have knowing sent from your computer.

You have number of nasties there.

Yes, and that being the case, on top of Chalky's suggestion to run Spyware Doctor, please also do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.

1. Download ATF-Cleaner and save it to convenient location.

2. Download the free version of AVG Anti-Spyware (formerly ewido). Save the installer file to your desktop or any convenient folder.

* Run the installer, accepting the default options. Run the program once installed, click on the Update icon at the top of the main AVG window, and allow the program to download the most current components.

* Close AVG once the updates have been downloaded.

3. Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).

* Double-click ATF-Cleaner.exe to run the program.
- Click the Main menu option.
- Check the Select All box. (Uncheck cookies if you do not want them removed).
- Click the Empty Selected button.

If you use Firefox browser:

- Click the Firefox menu option.
- Check the Select All box. (Uncheck cookies if you do not want them removed).
- Click the Empty Selected button.
…

But the original thread starter finished his project already...

Actually, I also missed that statement, buried in a sea of code posts as it was. :) I wouldn't have added any input to this thread at all if I'd seen that.

Why? Is this likely to help the OP? If you want to offer a challenge, start a new thread, don't hijack someone else's thread

Yes- responses to a thread should be directly related to the original poster's question/problem. Tangential postings only sidetrack the issue.

Let's get back on-topic.

Hello luism, welcome to DaniWeb :)

To begin with, please do the following:

Download the (free) HijackThis utility:

Once downloaded, follow these instructions to install and run the program:

* Create a folder for HJT outside of any Temp/Temporary folders and move the HijackThis.exe file to that folder now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

* Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".

* Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". The log file will open in Windows Notepad once you save it; cut-n-paste the entire contents of the file from Notepad and post it here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

I thoiught myself that it was the regional settings, so reset this earlier.

Did you dig deeply enough in to those settings?:

* Open the Regional and Language options Control Panel.
* Click on the Languages tab.
* In the Text services and input languages section, click the Details... button.
* In the Settings tab, set the default input language to your language.
* In the Installed services section, configure the keyboard options such that only the keyboard device and input language listed are those which are correct for your particular system.
* Click OK to apply your changes and close the Details window.
* Click OK again to close the Control Panel window.

You've obviously changed the setting from american style keyboard to english style or vice versa.

Go to control panel > regional and language settings.

From English (UK/Ireland) to US, judging from boanerges' description (a US keyboard has no monetary "pound" sign).

Try pressing shift + control, that works for me. I think it's some sort of shortcut to changing the keyboard.

Yes- it's a shortcut to switch between available keyboard layouts.

[IMG]http://www.stevewolfonline.com/Downloads/DMR/Visuals/Smilies/nono.gif[/IMG] Do not post links to dating sites in our forums ! [IMG]http://www.stevewolfonline.com/Downloads/DMR/Visuals/Smilies/nono.gif[/IMG]

Doing so skates on the very hairy edge of violating more than one of our posting rules.

The discussion itself is fine, but the links are not. I've given the benefit of doubt here and only removed the links, but further link posting will result in post deletions and infractions.

- Thanks.

That's a clean log :)

Sheesh! Talk about blowing your own horn...

:mrgreen:

i just missed a wire i had to add to the adapter...

D-oh! :mrgreen:
Seriously though- glad you found the fix.

Good find- the card is made by a Chinese manufacturere named "Sanxi". Unfortunately, their web site is basically horrendous, probably even more so since I'm trying to navigate the English version of it.

I could only find a driver download for the "A" version of that card, but it looks like it should work with all cards that use the ULI M5285 controller chip. The download file is in RAR archive format; you'll need a decompression utility such as WinRAR to "unzip" it. Instructions for creating the driver installation floppy and using that floppy during a Windows XP installation can be found in the README.txt file in the CK-0019A\SATA50XX folder of the driver package.

The "ULI M5285" number is only the identifier for the main controller chip on your card; I'll need at least a brand name for the card itself in order to help you find the right driver software. Look on the card and your paperwork to see if you can determine the card's manufacturer; if you find an actual model name/number, that would be even better.

Windows doesn't recognize your SATA card, so you'll need to load the card's drivers (probably from floppy) at the appropriate point in the Windows installation procedure.

If you give us the exact make and model # of the SATA controller card we can probably give you more specific instructions.

\WINDOWS\System32\SYSTEM\SYSTEM.CONF

Please check the error again; I think the above filename/pathname is incorrect.

If the real filename in the error is "C:\WINDOWS\system32\config\system", you have a corrupt Registry. Please see this post for an explanation of the error and links to 2 methods for repairing it.

Cool- glad you got it figured out. :)

The instructions for roguescanfix indicate the following:
Please note that when the program starts it will download a program from the Internet that it needs to use during the cleanup. If your firewall gives an alert about this, please allow the download.exe or run.bat program to access the Internet.

BFU.exe (Brute Force Uninstaller) is the additional program that roguescanfix needs to download, so you need to have an active working Internet connection when you run roguescanfix. The error you got indicates that roguescanfix couldn't go online to get BFU.

You are infected with the "VirusBurst" parasite, which is a member of the Smitfraud/SpywareQuake/etc. family of bogus antispyware products.

Description:
This application uses false positives and fake security warnings in your taskbar as a goad to scare you into purchasing the full version of this software.

Complete removal instructions, including visual/graphical aids, can be found here; please work through the steps in the automated removal section of the instructions fully and completely.
When you've finished the procedure, please post the contents of the C:\Program Files\RoguesScanFix\task.txt log file, the log report generated by the Panda online scan, and a new HijackThis log.

* What is the exact make/model of sound device listed in Device Manager?

* What are the details surrounding the initial occurence of the problem?

* Right click on your My Computer icon.
* Choose "Properties" from the resulting drop-down context menu.
* Click on the "Hardware" tab,
* Click on the "Device Manager" button.

In the list of your installed hardware, are there any devices which have a yellow exclamation point or a red "X" next to their name/icon? If so, double-clicking on the problematic device will open a status window which will give you more details concerning the error.

Post those details here (fully and completely), as well as the exact name of the device in question.

Sorry the news isn't better, but it really does sound like you're looking at a motherboard replacement...

Someone suggested the motherboard might have been "tweaked" (for the lack of a better word) just enough to cause a stress crack ...I can't understand is why each slot works and tests good with the diagnostics when only one DIMM is installed.

Damage to a memory controller chip or one of the address/data circuit traces on the mobo can cause problems with ranges of memory addresses, or memory addresses above a certain point, regardless of whether the total installed memory is contained on one RAM module or multiple RAM modules.

Dell's support site alludes to the above in their description of the exact error messages you are getting from their diagnostics:

Message:

Memory address line failure at address, read value expecting value

Memory write/read failure at address, read value expecting value

Probable Causes:
Faulty or improperly seated DIMMs or defective system board

I'll be lurking around keeping an eye on the progress; I've got email auto-notification applied to this thread....

I hope DMR doesn't mind if I try to shoot the trouble right away.

Not at all; please be my guest. Your knowledge of German will honestly be much more helpful than my lack thereof. :mrgreen:

Sorry, I stumbled a bit late over this thread:
I speak german. (Argh...I've blown my cover...:mrgreen:)

And we're oh-so-glad you did. :D
If you can shed any licht on the subject, it would be much appreciated.

End note: the NProtect folder is indeed a Norton component; specifically, it's the folder where the Norton Protected Recycle Bin feature stores items you delete.

Unfortunately, without an English version of the manual, I'm kind of stuck. Every router's built-in configuration utility uses slightly different terminology, layouts, etc., so I can't really point you to anything specific because I can't read that particular router's documentation.

I've got to go to work right now, but I'll see if I can turn up anything more when I get back home this evening.