gerbil 216 Industrious Poster

sudo dd if=./linuxmint-17.1-cinnamon-64bit.iso of=/dev/sdd bs=1M

You copied a file (image) to a device, not a partition - everything under the iso is hosed, the partition table has been rewritten. Why do they nickname dd the data destroyer? Beats me...
Anyway.... Linux conforms to the NTFS spec, so the backup table will be overwritten, also. What will remain are the old sector boundaries that have not actually been overwritten (by your iso or other) for all old partitions - TestDisk can find those using its sector search (Deeper Search).
You must recognise the valid ones from all that it finds, and write them to the table. Of course, the new partition sector will be the first valid one. Your searches can be quicker if all your partitions were written to cylinder boundaries (XP spec); if not necessarily so (Vista, W7 spec), then the search is quite slow.
Each boundary sector (there are beginning and end sectors) contains a table with beginning and end info for that partition, and the MFT location. You need those MFTs - without them, files are simply lost. TestDisk can read file tables, but not rebuild them. So if you choose an incorrect boundary then TD will likely not find that partition's FT (you test by checking file lists, contents).
When satisfied, you write the table. Not correct? Nothing more is lost, but time - you do it all again.
As for your OS, 1.4GB is a lot to lose; there is an …

gerbil 216 Industrious Poster

I wrote "So all is good, Lx IS on 4, Swap on 5." I did mean 4th physical and 5th physical, not the MBR order.
I'm moderately sure that that error msg about ntoskrnl missing comes from winload.exe, the program that loads the Windows kernel and then hands to it. I think with W7 it goes bootmgr reads config data, loads winload, winload loads the kernel and drivers. I rather think that Grub has taken over the W7 boot manager's job by installing itself there, and messing up boot. But then you can get to the W7 boot manager via a different Grub link, and that works. So... I'm confused, but since your Active partition is the Dell Recovery, I guess Grub is there, and possibly the bad W7 link points to the wrong partition or more likely is just plain bad, so reinstall/fix Grub (this lil duck cannot do that), and the good link points to the W7 partition and its boot manager (bootmgr used is in the volume boot record of the selected partition). A normal W7 boot would involve the Active partition and its volume boot record. Ok, I admit it, I'm lost, and I find the Grub config data too arcane to get interested in.
Can you live with it? Else it's off to the Linux forum with you.

gerbil 216 Industrious Poster

Crazy. From your wording it almost sounds like you want to somehow have Minecraft access the RAM in the desktop from the laptop. Maybe in Star Trek, but not in any world I know of.
If you wish to physically swap RAM sticks, then no to that also. The two RAM systems are physically and electrically incompatible.

gerbil 216 Industrious Poster

Certainly, muhammad, 4 GB of RAM will make a very noticeable difference, even with your current OS. But 32-bit OSes cannot use quite all of 4GB. 64-bit Windows 7 at least, makes better use of available memory because of an improved memory manager, plus is capable of using all of that 4GB compared with 32-bit W7.
W8.1... I don't know how efficient its memory management is. Of course, there is still software that is not available in 64-bit, but 64-bit Windows 7 or 8 will run it as 32-bit. So consider a 64-bit OS; your current E4500 is capable of running it.

gerbil 216 Industrious Poster

Ye-es... but somewhat slowly cos of not much RAM, and a slow CPU. But there are tablets designed for W8 specced like your system.

gerbil 216 Industrious Poster

Oh. Didn't spot your reply. Um... the actual records in your partition structure are simply out of order, which is of no real significance because it is just a list which gets referenced by entry number or searched (eg. for the Active marking), but it plays merry with humans. You can reorder them, but puters don't much mind. TestDisk lists (in that screen) and Windows Disk Mgmt depicts the partitions as it finds them in the MBR, Lx seems to order them, which is why I thought your Swap was huge (went by the size in Disk Mgmt), and also that boot might be Ptn5. Just as an example, (and one of a perfect structure) I show you a pic of mine:
Boot, then 2 more Primaries, followed by an Extended partition - you can see that the first record of it envelops ALL of the Logical drives. Following Extended partitions envelop each associated Logical drive, which start on the next sector. My partitions all end on cylinder boundaries cos I'm using XP, but W7 partition boundaries are not fixed so. Back to your table...
At the end of your third Primary there is a small gap... no biggie. First Extended (4) points to the following logical partition in the chain (the Swap), while its own (the L Linux) starts on the next sector (again, first E is shown covering the whole of logical drives, but that is not significant, MBR-wise).
So all is good, Lx IS …

gerbil 216 Industrious Poster

Curious, here. What device is it actually booting on.. /dev/sda? I don't think it is sda4....
If you don't mind, it'd be good if you got hold of TestDisk by CGSecurity, and ran it.
Start it > No log > Proceed on disk > Intel > Analyse ... and take a shot of that first screen with the partitions (it's a snap of your MBR).
Post it? (if you go past that screen it is reading partition boundaries from the disk, and that can show a mishmash cos it picks 'em all up, even non-overwritten oldies). Not interested in that, yet. Just curious about missing Ptn3.

gerbil 216 Industrious Poster

That missing partition 3 puzzles me. Let's ignore it for the moment.
P0 : 0xde is Dell Utility, so SteveDotNet may well have been right about it, above, after all.
P1,2 : 0x07 are NTFS for W7 (see that your Recovery ptn is set Active, is System? It contains your boot files for W7. Urg.)
P4 : 0x82 is Linux Swap. Pretty huge for a swap partition. Really huge. A dead loss of space.
P5 : 0x83 is Linux, type ext2. So I mixed those last two up in my mind... :)
Anyway...
Note that the command to check a directory terminates with a "/", so:
ls (hd0,4)/ -the "/" makes it a pathname, actually the root directory here.
The tab in ls (hd0, ) just does an auto-complete, or blank query, if you like.
root (hd0,4) might have worked. Or root (hd0,5) ... that missing ptn might or might not need accounting for. But...
ls -will list the partitions.
rootTAB -will find the linux boot ptns. Then root it thus:
root (hd0,?) - get the ? from the root cmd output above. Then:
kernelTAB -will give you the kernel name to use for kernel and initrd cmds.
I could get you to run another software under windows to discover what that missing Ptn 3 is...
That swap ptn.... should be only 2 or 4GB, really. And boot files in the Recovery partition is a bit... untidy. See how we go booting Linux first.

gerbil 216 Industrious Poster

" I would only do a BACKUP every 2-3 months"
EEK!!
My sys does one (incremental) every day if it's running. And I re-image my system drive every couple of months, and disconnect and remove the image disk. Why? Because I KNOW it takes at least a full day of hard work to get a new installation set up completely. No thieves, no viruses or kiddies where you live? And disks do die.
Seriously, SyncBack (or similar) is the go. Free, can be scheduled, and will do automatic, periodic, background backups of work if you so wish. Has the power never gone off at your place?
If you've got a good BU software, you rarely need to touch it. Another thing, there are a LOT of posts on forums about file recovery, there are businesses which do little else, and all because people don't do timely backups.

gerbil 216 Industrious Poster

Anyway, from the tenor of your post I'm guessing that you do not have a backup disk drive right now. Not just a partition on your main hdd... that just does not cut it as backup at all. A separate hdd for backups and warehousing of stuff is safer. So use it for that. You could even put your main page file on it as an outer (first) partition to speed your sys a little, with still a small one on your main hdd.
If you don't put a page file on it, but just use it for backups and warehousing then set it in power options to shut down after, say, 10 minutes, because you will likely set your backup software to run just once daily. Less wear and tear on a seldom used drive. With ten minutes, if you are doing incremental backups every 5 or so minutes on some important file as you use it, it will stay on for the duration.

gerbil 216 Industrious Poster

Being uncertain as you seem to be, I would open it up, remove the immensely strong magnets from the arm motor, and stick them on the fridge door whilst you choose from the almost unlimited variety of uses to which they can be put.
I cannot think of any at the moment, but something is sure to occur to you one day.

gerbil 216 Industrious Poster

These are computers, violet. It is to your fortune to be away from them.

gerbil 216 Industrious Poster

I'm with you,Jorge. Linux forums horrify me.

gerbil 216 Industrious Poster

You can see Grub's command prompt. Now you need to locate your /boot directory. I think this should show it (throughout I am assuming that partition 4 from your Diskmgmt pic is the Linux partition):
ls (hd0,3)/
-you should see vmlinuz initrd.img and boot/
If that doesn't show /boot etc, then ls (hd0,tabkey) will list the drive options. Search the likely one with ls.
So then you would run:
root (hd0,3)
kernel /vmlinuz root=/dev/sda4
initrd /initrd.img
boot

Did that boot ubuntu?
(Grub counts from zero, linux from "a" and one)
ls is LS....

JorgeM commented: It's good there are still people like you who seem to understand all of this.. I'll stick with VMs +12
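For readers following the manual-boot commands in the two GRUB posts above: the `ls` command and the trailing-slash directory listing are GRUB 2 features, while `root` and `kernel` are GRUB legacy spellings, so here is the whole sequence as it is typed at a GRUB 2 prompt. This is an added illustration, not text from the posts; it assumes, as the post does, that the Linux root filesystem containing /boot is the fourth MBR partition of the first disk. GRUB 2 numbers partitions from 1, so that partition is (hd0,msdos4) to GRUB and /dev/sda4 to the kernel (GRUB legacy would have called it (hd0,3)).

```text
grub> ls                                  # drives and partitions GRUB can see
grub> ls (hd0,msdos4)/                    # trailing slash lists the directory: expect boot/, vmlinuz, initrd.img
grub> set root=(hd0,msdos4)               # or let GRUB find it: search --file --set=root /vmlinuz
grub> linux /vmlinuz root=/dev/sda4 ro    # /vmlinuz is the distro's symlink into /boot; TAB completes names
grub> initrd /initrd.img
grub> boot
```

If `ls (hd0,msdos4)/` does not show boot/ and the kernel, repeat it for each partition `ls` printed until one does, and use that partition in both the `set root` line and the `root=/dev/sdaN` argument (remembering the off-by-one between the two numbering schemes).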
gerbil 216 Industrious Poster

The 102 MB partition is the System Reserved partition. W7 placed it there because at some time you installed W7 to an unpartitioned disk (if you had forced W7 to a prepared partition the SysRes partition would not be built). Don't remove it - booting files are there, and it is needed for BitLocker.
Your Linux.. it's not marooned. Dual booting W7 and Linux.... get EasyBCD Free. Method is here:
http://askubuntu.com/questions/139966/how-can-i-add-an-entry-for-ubuntu-to-the-windows-7-boot-menu

gerbil 216 Industrious Poster

Use a smart downloader. The MS Updates BITS is one, Opera browser uses one for all downloads. That way, if a download halts the software can restart it from that point. Torrents, well, yeah... sometimes a source can drop off the net and not be replaced if it's a rare file.

gerbil 216 Industrious Poster

This appears to be a Chrome issue, but Microsoft has a fix for it :http://support.microsoft.com/kb/883260
Somewhat involved, but if you follow the instructions carefully about editing the registry you should be ok. It's the User's hive HKCU that is involved, so there is reduced risk of jamming up your machine.

gerbil 216 Industrious Poster

So around this time you uninstall Avast (use the uninstaller from their website!) and then reinstall it if you so choose.
Any AV will automatically scan downloaded files (and also uploading files if you set it so), although some will delay the scanning of a downloaded file until it is accessed the first time.

gerbil 216 Industrious Poster

An administrator does not normally have access to the personal files of other users, those in their My Documents folder. But it's a computer, the stuff is there....

gerbil 216 Industrious Poster

There is Java, and there is Javascript. Totally different.
Some applications use/require Java, and some applications that are run through websites for specific purposes, oh... like share trading displays, engineering functions and so forth. Most people don't require Java at all. It is not related to browsers, but some sites do invoke it. After Adobe products it is generally a user's biggest security risk, so if you do not specifically need it, don't install it. JavaScript... used on many webpages - a lot of features (like some logins etc) will not work if it is not allowed in the browser's settings. Generally useful to "enhance your webpage viewing pleasure". Not much more a risk than is HTML.

gerbil 216 Industrious Poster

It seems that you have specified a paging file size that is rather too small. On the Performance Options page that pops choose the Advanced tab, then click Change on the Virtual Memory section; in the new Window set a Custom size, as a guess 1000MB min and 1500MB max, Set and OK your way out.

gerbil 216 Industrious Poster

Those things work only if the MFT has not been corrupted/overwritten. With a recovery... only the slightest chance of success.

gerbil 216 Industrious Poster

Digitalriver.com is where you go - it's the official download site. This site gives the links to available versions. :o
Pretty much with W7, you choose SP1, media refresh, and 32 or 64 bit. Then, before you burn your disk (or load your UFD) you simply delete a file (sources\ei.cfg) and so will be presented with the choice when installing of Home, Pro or Ultimate (match your licence!). Downloads are free.
http://forums.mydigitallife.info/threads/14709-Windows-7-Digital-River-direct-links-Multiple-Languages-X86-amp-X64/page59?p=470600&viewfull=1#post470600
Why delete that file before loading? Simply, it gives you access to all W7 flavours. May save a future burning/download. You do need a software such as Isoburner to open the iso, then to recreate it. Or WinRAR plus Imgburn. Whatever.

gerbil 216 Industrious Poster

Midi, it would be churlish of me to offer a solution to your problem. Cos you're having so much fun, and further, investigation is a great source of (self) learning.
Besides, I don't have one...
Okay, I think your BIOS sucks... I might try flashing it if it was mine.
Ha... and then the whole page loaded (freaky delay), I read up and saw that you had fixed it.

gerbil 216 Industrious Poster

Michael, use one of these online scanners:
http://www.eset.com/int/home//products/online-scanner/ If you do not use IE it will load and run a temporary installer.

Using IE: http://www.f-secure.com/en/web/home_global/online-scanner

Either will identify the locations of malware files and allow you to remove them.

gerbil 216 Industrious Poster

MBAR found nothing? Interesting.
==Download TDSSKiller from this link, save it to your desktop:
https://support.kaspersky.com/viruses/utility or http://support.kaspersky.com/downloads/utils/tdsskiller.exe -you may need to download it to a clean computer and then transfer it to the desktop using a USB flash drive.
=Start TDSSKiller,(((( click Change Parameters. Under Additional options check both boxes, Verify Driver Digital Signature and Detect TDLFS file system; click OK. ))))
-click Start scan;
-choose Skip for unsigned files;
-choose Cure if TDSSKiller finds a rootkit and prompts a Cure or Delete [a reboot may be required];
-do not Delete or Quarantine any files.
Post the log from C:.

gerbil 216 Industrious Poster

Michael, I do not know where you got to in your installation attempts, but if the MBAM program folder exists, check in there for chameleon.exe; if it exists then run it, and again try to install MBAM immediately afterward (no restart beforehand).
If you don't have chameleon, then here it is for download: https://www.malwarebytes.org/chameleon/
It unzips with a help file.
IF that works then update MBAM and post a quick-scan log. Retry GMER.
CCleaner is preferable to AFT. And you likely have an infection (a rootkit malware) which is preventing MBAM from installing or running; chameleon is to deal with that problem specifically.
Given that, you should also run MBAR before attempting to install MBAM... https://www.malwarebytes.org/antirootkit/
The page has the simple instructions.

gerbil 216 Industrious Poster

I'm thinking that since you activated your machine with your product key that same key has been used on another machine. M$ has thus invalidated your activation. It could have been copied from your machine's sticker or from the cd case, in your home or the store.

gerbil 216 Industrious Poster

That code is reporting what is normally (and in your case would be ) a software error, likely a driver because the system worked in safe mode. May I suggest that you force another bluescreen and read the faulting module (likely a .sys file), or download a file called BluescreenViewer.exe and load the latest files in Windows\Minidump into it - that will give you the faulting software module.

gerbil 216 Industrious Poster

Once you're mentally committed to the drive's death, there is a cracker rare earth magnet in the "motor" section of the read arm. Put it on your fridge door and you will need a knife blade to lever it off.

gerbil 216 Industrious Poster

Fingers... brain... something....
Vsn 8 is about a 20MB download.

gerbil 216 Industrious Poster

Hi mcortino, thanks for getting back re TestDisk. Something must be badly wrong with your disk... an advanced search with TD on my 250GB drive takes around 15 mins. It's a sector scan, it's hunting for boot sectors. Once it has those accepted it can locate the MFTs, and then files.
Minitools have Partition Wizard; I use it for disk manipulation, and it comes with a partition recovery service. Free. Vsn 8 is about a 20GB download.

gerbil 216 Industrious Poster

If Windows Disk Management can see the disk then TestDisk should cope with it. Not Initialised shows because the LDM cannot see a partition table. TestDisk in its deep search will ignore the partition table and hunt for the boot sectors of each partition, thereby establishing partition boundaries. If you have in the past moved or erased partitions then TD might find these via their bootsectors if they have not been overwritten - a bit of confusion, but checking the data table presented should sort out real from unused.
There is a backup bootsector in the last sector of a partition. Records in the bootsector point to the MFT and the MFT mirror. Pretty much, for each partition you need a valid bootsector (either) and a valid MFT (either). Without these, file recovery is difficult.
Formatting writes a new partition table and NTFS system files to the disk, not a problem in your case cos it is busted already.
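The partition-table and boot-sector points made in this post and in the dd and type-code posts above (an MBR slot is a type byte plus an LBA range; NTFS keeps a boot sector at both ends of the volume; that sector points at the MFT, and a wrong boundary shows up as "no file table there") can be exercised in code. What follows is an added example, not code from the posts or from TestDisk or aswMBR; the disk image, its layout, the partition offsets and the "stale volume" it contains are all constructed for the example.

```python
"""Added example, not code from the posts, TestDisk or aswMBR: decode an MBR
partition table, then recover NTFS volume boundaries from a raw disk image by
scanning for NTFS boot sectors and checking each candidate against its MFT."""
import struct

SECTOR = 512
# Type bytes named in the thread, plus the extended and GPT markers for context.
PARTITION_TYPES = {0x05: "Extended (CHS)", 0x07: "NTFS/exFAT/HPFS", 0x0F: "Extended (LBA)",
                   0x82: "Linux swap", 0x83: "Linux", 0xDE: "Dell Utility", 0xEE: "GPT protective"}


def parse_mbr(mbr):
    """Return (entries, problems). Entries keep slot order, as Disk Management shows
    them; problems: bad 0x55AA signature, not exactly one active slot, overlapping slots."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    problems = [] if mbr[510:] == b"\x55\xaa" else ["missing 0x55AA boot signature"]
    entries = []
    for i in range(4):
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype:
            entries.append({"index": i, "active": status == 0x80, "type": ptype,
                            "type_name": PARTITION_TYPES.get(ptype, "unknown 0x%02x" % ptype),
                            "start_lba": start, "sectors": count})
    active = sum(e["active"] for e in entries)
    if active != 1:
        problems.append("%d active entries (expected 1)" % active)
    for a in entries:
        for b in entries:
            if a["index"] < b["index"] and a["start_lba"] < b["start_lba"] + b["sectors"] \
                    and b["start_lba"] < a["start_lba"] + a["sectors"]:
                problems.append("entries %d and %d overlap" % (a["index"], b["index"]))
    return entries, problems


def parse_ntfs_boot_sector(sec):
    """NTFS geometry if sec is an NTFS boot sector, else None. NTFS keeps this sector
    at the volume's first LBA and a copy at its last, so total_sectors = length - 1."""
    if sec[3:11] != b"NTFS    " or sec[510:512] != b"\x55\xaa":
        return None
    spc, = struct.unpack_from("<B", sec, 0x0D)                  # sectors per cluster
    total, mft = struct.unpack_from("<QQ", sec, 0x28)           # total sectors, $MFT cluster
    return {"sectors_per_cluster": spc, "total_sectors": total, "mft_cluster": mft}


def find_ntfs_volumes(image):
    """Scan every sector for NTFS boot sectors, as TestDisk's deeper search does.
    A hit at LBA x with total_sectors T is either the primary sector of volume x..x+T
    or the backup sector of volume x-T..x; a reading survives only if the MFT it
    implies really starts with a "FILE" record, so a wrong boundary is rejected."""
    nsec = len(image) // SECTOR
    hits = {}
    for lba in range(nsec):
        geo = parse_ntfs_boot_sector(image[lba * SECTOR:(lba + 1) * SECTOR])
        if geo:
            hits[lba] = geo
    volumes = {}
    for lba, geo in hits.items():
        t = geo["total_sectors"]
        for start in (lba, lba - t):
            end = start + t
            mft_lba = start + geo["mft_cluster"] * geo["sectors_per_cluster"]
            if start < 0 or end >= nsec or mft_lba >= nsec or start in volumes:
                continue
            if image[mft_lba * SECTOR:mft_lba * SECTOR + 4] != b"FILE":
                continue
            via = [n for n, at in (("primary", start), ("backup", end)) if at in hits]
            volumes[start] = {"start_lba": start, "end_lba": end, "mft_lba": mft_lba,
                              "found_via": "+".join(via)}
    return [volumes[k] for k in sorted(volumes)]


def build_sample_image():
    """Constructed 1 MiB image (assumed layout, nobody's real disk): MBR with NTFS,
    Linux and swap slots; a live NTFS volume at LBA 64..575; and a stale NTFS volume
    at 1344..1855 whose slot and primary boot sector are gone but whose backup
    boot sector and MFT survive, like the old partitions TestDisk turns up."""
    img = bytearray(2048 * SECTOR)
    slots = [(True, 0x07, 64, 512), (False, 0x83, 576, 512), (False, 0x82, 1088, 256)]
    for i, (active, ptype, start, count) in enumerate(slots):
        struct.pack_into("<B3xB3xII", img, 446 + 16 * i, 0x80 if active else 0, ptype, start, count)
    img[510:512] = b"\x55\xaa"
    boot = bytearray(SECTOR)                                    # boot sector of a 512-sector volume
    boot[3:11], boot[510:512] = b"NTFS    ", b"\x55\xaa"
    struct.pack_into("<HB", boot, 0x0B, SECTOR, 8)              # bytes per sector, sectors per cluster
    struct.pack_into("<QQ", boot, 0x28, 511, 4)                 # total sectors, $MFT at cluster 4
    mft_record = b"FILE0\x00\x03\x00"                           # first bytes of an MFT record
    for lba, data in ((64, boot), (575, boot), (96, mft_record),     # live: primary, backup, MFT
                      (1855, boot), (1376, mft_record)):            # stale: backup and MFT only
        img[lba * SECTOR:lba * SECTOR + len(data)] = data
    return bytes(img)


if __name__ == "__main__":
    img = build_sample_image()
    print(parse_mbr(img[:SECTOR]))
    print(find_ntfs_volumes(img))
```

Run as a script it decodes the three MBR slots with their type names, reports the live volume as found via primary and backup boot sectors, and reports the stale volume at LBA 1344 as found via its backup sector alone; the candidate that reads the live volume's backup sector as if it were a primary is dropped because there is no "FILE" record where that geometry says the MFT should be. On a real disk, read the MBR with dd if=/dev/sdX bs=512 count=1 and pass those 512 bytes to parse_mbr; find_ntfs_volumes as written expects the whole image in memory, so for anything larger than a test image read it in chunks and only keep the hit LBAs.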

gerbil 216 Industrious Poster

That BIOS setting about restarting after power interruption (if you have it)- it should not be the problem in your case, but try turning it off. I don't have it set to auto restart because if a power outage is bad the power line auto-restart system will try to reconnect power 3 times before giving up, and I don't want my computer subject to that behaviour. But yes, the mb firmware/hardware controls switch-on behaviour, adjustable via BIOS settings.

gerbil 216 Industrious Poster

A first for me, also. You could try Adwcleaner from http://www.bleepingcomputer.com/download/adwcleaner/
- run the exe, hit Scan. When it completes you can press Report and post the result here for advice. Review finds carefully if you wish to Clean unaided.
As an aside, Ghostery will block adcash and similar sites cold. Worth getting, esp cos it's free.
With FF, if you pause on the bookmark in the list you should see the URL pop - if then you are truly redirected something has infected FF, likely via an extension. Best to reinstall it, but make sure to delete the Mozilla folder under Applications in your profile first.

gerbil 216 Industrious Poster

Do you have sufficient space on your W7 lappie to image the W8 hdd? Then use Minitools Partition Wizard (free, download it): first of all, use it to scrunch up the files on your W8 hdd into the smallest partition(s) possible, next to create contiguous unallocated space on your W7 hdd, and finally to image the W8 hdd partitions into that. This method will not give a hoot about user permissions, and they will be available as long as you include the system (with its registry, naturally) in the image. The registry identifies the users and file permissions.

gerbil 216 Industrious Poster

Lord, no, don't run a Repair, that would blast your sys back to the stone ages... it takes the registry from \Windows\repair and if you have not done a System State Backup lately, well, that folder dates from installation. Check the dates on the reg files in there.
By all means run sfc, but note that both TDSSKiller and ASWMBR check important system file signatures.
Likewise, your Backup files may be compromised.... when you are sure your system is clean and functioning well you should remove them all and make a fresh one. May I recommend ERUNT?
Anyway, as to the fix, it should continue because something dropped that bootkit in there, and likely it's still lurking. If a trojan, it could be a downloader (of the rootkit files etc). So...
- RogueKiller, again, then
- run MBAM again.
- run JRT again
- eSet Free Online Scanner

gerbil 216 Industrious Poster

Have you got the tail of that TDSSKiller log? It's missing all the good stuff.
If that screenshot is from your latest TDSSKiller run, then rerun it, but...
- still skip cmuda3
- delete the TDLFS, and
- default action (cure or delete) for the rootkit.

From your ASWMBR log:

9.   23:36:44.671    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi
and..
17.  23:36:48.796    Disk 0 MBR read successfully
18.  23:36:48.796    Disk 0 MBR scan
19.  23:36:48.843    Disk 0 unknown MBR code
20.  23:36:48.843    Disk 0 MBR hidden

That would be the worry. Any reason your bootdisk MBR is non-standard, and hidden? Anyway, the TDSSKiller run should repair it; in any event ASWMbr can write a new one.
Rerun ASWMBR after the TDSSKiller fix is complete.

gerbil 216 Industrious Poster

Ah... let's go after the pest. Some exploration:
==Download TDSSKiller from this link, save it to your desktop:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
=Start TDSSKiller,(((( click Change Parameters. Under Additional options check both boxes, Verify Driver Digital Signature and Detect TDLFS file system; click OK. ))))
-click Start scan;
-choose Skip for unsigned files;
-leave or set at Cure if TDSSKiller finds a rootkit and prompts a Cure or Delete [a reboot may be required];
-do not Delete or Quarantine any files.
Post the log from C:.

==Download aswMBR from http://www.bleepingcomputer.com/download/aswmbr/
Start it, press Scan [it will download virus definitions from Avast], wait the 3 or 4 minutes until it says Scan completed then press Save Log. Post that, please. Do NOT fix anything at this stage.
An MBR.dat file will appear on your desktop, it is a copy of your MBR. Do not delete it.

gerbil 216 Industrious Poster

Hmm. okay. With your Opera torrent client disabled and the explorer instances multiplying, do they use the network at all? Check in Resource Monitor.

gerbil 216 Industrious Poster

And... if you have the latest M$ C++ 2010 distribution you will have to uninstall that to get the debugger installed, and then you may reinstall it. The SDK installer won't work with the latest version... so much for compatibility... of their own products. But M$ never did promise that, anyway.
Honestly, getting the debugger installed may not help much. It will list the functions called, and I will struggle with more than a few of those, but may be able to identify what is the purpose of them. Honestly, we are motoring out to a place where I will be over my head.
I hope someone else can help?

gerbil 216 Industrious Poster

Urg. That is not an interesting stack list you have there - your system has no debug capability, so no functions called are shown, just locations. The stack shows that ntdll.dll is calling ntoskrnl.dll at various memory locations, but it does not say what functions are being run.
ntoskrnl.dll deals with process and memory management and scheduling amongst other functions.
To go further along this path you need Windbg and the SDK symbols ... go here for instructions http://blogs.msdn.com/b/vijaysk/archive/2009/04/02/getting-better-stack-traces-in-process-monitor-process-explorer.aspx?Redirected=true
and here for the debugging tool http://msdn.microsoft.com/en-us/windows/hardware/hh852365 (halfway down, Windows 7 Standalone Debugging Tools) - follow those instructions and install the debugger. Then in Process Explorer, go to Options tab, Configure Symbols and fill the details as in the web page. The symbol pathname C:\symcache in the Symbol Path you can replace with one of your choice.
Else... did you check how explorer performed in safe mode, or with no third party services loaded?
Go back a bit... run the JRT in Safe Mode while you're in there.

gerbil 216 Industrious Poster

Urk. Something is really working kernel32.dll. I cannot tell what, but all threads start from the same memory address. Double-click a few of those threads, and compare the stacks that pop. Post a couple. Note that with Process Explorer you only get snapshots of activity.
Something else... you could try a Safe Mode check on explorer.exe, or use msconfig to do a clean start ( go to the Services tab, check to hide all Microsoft services, then Disable all remaining Apply and restart).

gerbil 216 Industrious Poster

Hey, you're welcome.
This forum is where I learnt a lot of stuff; you look at people's problems and find solutions. I find that the most interesting way to learn. It imprints it, like hands-on does.

gerbil 216 Industrious Poster

Naw... JRT runs on 64 bit machines.
And yes, that's how torrents work. You get credit for seeding.
If you glance at your screenshot above, you can see that Opera is running as your torrent client, and the explorer processes are spawned by it.

gerbil 216 Industrious Poster

For a start, HijackThis is pretty much out of its depth with W7. And malware is generally too smart now to appear in a simple scanner like HT, which has not been maintained/updated for years. A waste of time.
Your multiple explorer.exes... I see that you are running BitTorrent - that will do it if you have it set to open a folder for each torrent instance. Closing BT won't end those processes, but they will throttle back the amount of memory that they are using.
Bit of a worry that JRT won't run... try running RogueKiller first, then without rebooting, JRT. If that works for JRT, then you have malware. Well-hidden malware.

gerbil 216 Industrious Poster

I don't know much about different soundcards/sound chips on mobos, but I do know that Realtek has a built-in equalizer which allows frequency band adjustments.

gerbil 216 Industrious Poster

Hi, Rosy, just choose a forum topic you wish to address from the tabs below the <DANIWEB> banner, and do what you just did... post. Either in a current topic if you wish to add to that conversation, else click Start a New Discussion.

gerbil 216 Industrious Poster

If you know what you are doing, then open a cmd window as System and delete the file from there. So, in an admin cmd window, enter:
at 12:34 /interactive cmd.exe
where 12:34 is, say, one minute ahead of your current time.