DMR 152 Wombat At Large Team Colleague

1. You can't "force" a restore to a point in the past; if no restore snapshot already exists for a given date, there's no way to go back to that date. The "create restore point" option is only for creating a new snapshot at the time that you execute that option.

2. In terms of reinstalling Windows, XP does have a "repair installation" method, as jhay116 mentioned. Instructions and advice on the procedure can be found here. The Repair install will basically "refresh" your current Windows installation, replacing your existing operating system files with copies from the XP CD, but leaving your data and installed programs intact.

Before going that route though, you should run the System File Checker first, as it is a less "drastic" way to repair (at least some of) the possibly corrupt or missing core Windows components. A visual/graphical walkthrough of using the SFC tool can be found here.

3. In terms of the "unable to complete the operation..." error from Event Viewer, there are different causes (and fixes) for that category of errors, but given the state of your system right now I don't think it's a good idea to start randomly trying the different fixes. Try running SFC first and let us know the results.

DMR 152 Wombat At Large Team Colleague

...in my area there are bad areas for cable where they have power outages and you have to power cycle when this happens. Apparently it can happen as often as once a week depending on where you live.

I know that one all too well; it happens quite often in my area, especially during winter and storm seasons. It's definitely a bummer, but there's really nothing that can be done about it on our end. :(

DMR 152 Wombat At Large Team Colleague

Due to the fact that the member who originally started this thread has not responded in over 1 year, this thread is considered abandoned and has been closed.

In accordance with our posting rules, other members having similar problems/questions need to start their own threads and post their questions there. In order to help us help you most quickly, please include as much information about your problem as possible in your posts.

If the member who originally started this thread wishes to have the thread reopened, please send your request, including a link to this thread, to one of our moderators via email or Private Message.

Thank you.

DMR 152 Wombat At Large Team Colleague

You're welcome. Does that do the trick for you?

DMR 152 Wombat At Large Team Colleague

why is the only system restore point listed like 2 minutes before the time that i restored it?

?!? I'm honestly not sure. Had System Restore been turned off (before that time) for some reason? Did you receive any messages/prompts to that effect when you first ran the utility?

wouldnt you want to restore it to a point previous to when the problems started????

Yes, exactly- that's what we wanted to accomplish in this case.

i'm the owner of the computer, then if i signed on under my name would i be signing in as the administrator?

Although it's a horrendous idea from a security standpoint, the owner's account (the first account created when Windows was installed) is automatically made a member of the Administrator group. Therefore, the answer to your question is essentially: yes, because the owner's account has the same powers as the built-in "Administrator" account.

* What happens when you boot the computer into Safe Mode? (You access the Safe Mode boot option in the same way you got to the "Last Known Good Configuration" boot option.)

* Open the Event Viewer utility in your Administrative Tools control panel and look through your System and Application logs for entries flagged with "Error" or "Warning". Double-clicking on such an entry will open a properties window with more detailed information on the error; post the details from a representative sample of some of the different error messages (please don't post duplicates or flood us with …

DMR 152 Wombat At Large Team Colleague

OK- let us know the results when you can...

DMR 152 Wombat At Large Team Colleague

Grrr!

1. Please give us the full and exact contents of the blue-screen error if it comes up again. There will probably be what look like cryptic numbers/codes and filenames in the message, but they do mean something and can be helpful in pinpointing the problem.

2. You may be able to regain functionality by booting the computer into its "Last Known Good Configuration". Instructions for doing so can be found here.

3. If you can run Windows' System Restore feature, that may also be able to undo whatever went wrong during the CCleaner/Spy Sweeper scans. Microsoft's instructions for using System Restore can be found here.

DMR 152 Wombat At Large Team Colleague

OK, we'll be here; get back to us when you can.
Our site's auto-notification feature will alert me that you've posted, so this won't get "lost in the haze" even if it takes you a while to respond.

DMR 152 Wombat At Large Team Colleague

I cannot locate "Remote Packet Capture Protocol" or rpcapd. I have "Remote Procedure Call (RPC) Locator"; and "Remote Procedure Call (RPC)". I'm pretty sure I'm looking in the right place...

If you've found RPC and RPC Locator (which are valid Windows services), you're definitely in the right place.
There is a good chance that my original attempt to delete the actual "rpcapd" service did work, and that the related Registry entry we see in your HJT log is just a loose end. If you haven't already, run another scan with HJT, put a check in the box to the left of the O23 - Service: Remote Packet Capture Protocol... entry, and then click the "Fixed Checked" button.
Once the fix is completed, close HJT, reboot the computer, run a new HJT scan, and see if the entry is still present (hopefully, it won't be). Let us know the results.

Also- if you do have any questions regarding the broadband connection problems you're having, feel free to ask us if you'd like.

DMR 152 Wombat At Large Team Colleague

1. The Yumgo software is a downloadable "homepage hijack protector" program. It isn't known to be malicious, but if you didn't knowingly install it, I'd suggest uninstalling it through your Add/Remove Programs control panel. Simply "fixing" its entry in HijackThis will stop the program from running each time Windows boots, but it will not remove the software from your system.

2. My attempt at removing the rpcapd service didn't work; let's try it another way:

* Open the Services utility in your Administrative Tools control panel.
* In the list of services, locate the service named "Remote Packet Capture Protocol" or "rpcapd" and double-click on it.
* In the General tab of the Properties window that opens, click the Stop button if the service is not already stopped.
* Once the service is stopped, choose Disabled in the "Startup Type" drop-down menu and then click OK. Close the Services utility after that.
* Run HijackThis, put a check mark next to the following entry, and then click the "Fix checked" button:
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
* Once HJT finishes the fix, click on the "Config" button in the lower right corner of HijackThis' main window. In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Type the following in the box and click OK; close HJT …

DMR 152 Wombat At Large Team Colleague

my cable box thingy's light goes off sumtimes...

The "cable box thingy" is the cable modem, and it probably has more than one light on it. Depending on exactly which light goes out or starts flashing, the problem could be on your end or on the cable provider's end.

If the light is labelled "LAN", "Ethernet", or "Enet", that usually indicates an inside problem such as a bad cable between your modem and the computer, or perhaps trouble with your network connection software.
If the light is labelled "WAN", "Internet", or "Online", that indicates a problem between your cable modem and the "outside world".

There are a few things you can do to try to pinpoint and/or fix the problem:

1. Check all of the wiring involved in your Internet/network setup: Make sure the incoming cable wire (the thick, round cable) is firmly and fully tightened down to all connectors (at the wall, at the modem, etc.), and make sure all inside network cables (the ones with the telephone-style connectors on them) are in good condition (no cuts, nicks, or tight kinks) and firmly plugged in to their respective devices.

2. Turn off the cable modem and the computer (physically unplug their power cords). Let both devices remain off for a minute or two, and then:
* Plug the power cord back in to the modem and turn the modem on. Wait until the modem has fully booted up and initialized (that is, wait …

DMR 152 Wombat At Large Team Colleague

THINK ABOUT DISPLAYING THE TIME OF THE USER ACCORDING TO HIS TIME ZONE ALONG WITH WHAT YOU SHOW RIGHT NOW

Each user can set the displayed timestamp to that of their own time zone. To do so:

* Click on the Control Panel link that appears in the header at the top of the forum pages.
* Click on the "Edit Options" link in the "Settings and Options" sidebar on the left of the main User Control Panel page.
* Modify the Date and Time settings (found near the bottom of the page) to your liking.

(This is just my opinion, but I doubt it would be useful to display both the user's local timestamp and the forum's default timestamp.)

DMR 152 Wombat At Large Team Colleague

my conclusion is that one of the original viruses that were removed when I connected it to my other system had attached themselves to one of the critical Win XP boot files...

A very likely possibility.
Glad you were able to pinpoint the problem and rescue your data. Also- thanks for posting the follow-up info; it could definitely be helpful to others who are experiencing a similar problem. :)

DMR 152 Wombat At Large Team Colleague

Seriously, isn't this thread like a year old?

Oh. Right. So it is.
Threadlock then, I guess....

[img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/DWThreadLock.jpg[/img]

DMR 152 Wombat At Large Team Colleague

OK kids- back to work now....

We're getting more than a bit off topic here, and I'd really hate to have to break out the Sacred Wet Trout, or even worse, a big ol' bottle of the dreaded DaniWeb Threadlock.

DMR 152 Wombat At Large Team Colleague

Do you anticipate a problem ??

Well... it did crash once before, yes?

Actually:
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

You should probably uninstall the Broadjump Client Foundation software that is mentioned in that entry of your HijackThis log. The Broadjump/Motive software is part of the broadband installation software, and since you said that the first install attempt crashed, it would be better to start the next install entirely from scratch.

DMR 152 Wombat At Large Team Colleague

Great; glad we could help :)
How is the rest of the install coming? Do you still have trouble with it?

DMR 152 Wombat At Large Team Colleague

Obviously, you've never tried to write a business proposal on an abacus. :mrgreen:

1. I was about to give you a short description of what the lexpps.exe is and does, but I found this wonderful summary over at AnswersThatWork and just had to pass it along instead:

Lexmark Printer Port Scanner. Background task which auto-loads with the rest of the printer drivers and which allows your Lexmark X or Z Series to be shared over a Windows peer-to-peer network using the conventional method of setting up a shared networked printer (without it, you will not be able to share the printer using the conventional Windows method).
Recommendation :
This task is a comprehensive nightmare. From preventing your PC from booting up, to interfering with your network card, to asking your Internet firewall for permission to install itself as a server application, to general PC instability, this task has everything to make you instantly return your Lexmark X or Z Series printer and go for something else, and some users have done so !! In order to regain your sanity the first thing to do is to rename LEXPPS.EXE to LEXPPS.EXE.OLD (do it in Safe Mode if you cannot boot your PC normally) – this will ensure that this task never loads and will cure all the problems that it causes. If you need to network the printer over a peer to peer network, do not use the standard manner, instead install the printer as a local …

DMR 152 Wombat At Large Team Colleague

1. Since the R0 HijackThis log entry doesn't have anything listed after the "local page=", I'm inclined to think it's harmless. The HKCU\Software\Microsoft\Internet Explorer\Main\Local Page value is a valid Registry entry; its appearance in a HJT log is usually only a problem when there is a malicious filename listed after the "=".
Can you please post the Spy Sweeper and ewido logs that I asked for in my last post? They will give us a better indication of whether or not there's still something malicious lurking in your system.

2. You should not delete the "018" entry; in this particular case the "(file missing)" label is the result of a bug in HijackThis.

3.

also, i don't understand this much, but it might help...

lol. Ahhh, yeah- I think I might have read that once or twice somewhere... :mrgreen:

DMR 152 Wombat At Large Team Colleague

it's still there...

Well, buggery on the High Seas- persistent little #@$%!

Please continue with the CCleaner and Spy Sweeper scans as outlined in my earlier post; Spy Sweeper may be able to kill it.

DMR 152 Wombat At Large Team Colleague

He could also remove the hard drive too and just use a bootable floppy...

We know that works from info in his first post:

I can manage to get it to boot from a WIN98 recovery floppy disk...

If this now boots up to a C prompt

Er- "A" prompt? :mrgreen:

DMR 152 Wombat At Large Team Colleague

One way to further pinpoint the fault would be to remove the original hard drive and install another hard drive (which you know to be good) as the Primary Master drive and see if the XP install CD sees that drive and allows you to install to it.
If that works, then your current drive likely has some sort of problem. Unfortunately, if that doesn't work, you could be looking at a pooched motherboard. :(

DMR 152 Wombat At Large Team Colleague

OK, then- Let's try to manually remove the offending Registry entry that HJT is having trouble deleting:

1. Download Mad_Cow711.reg and save it to your desktop. (Yes, the file is a tiny little Registry hack that I cooked up just for you... :mrgreen: )
2. Double-click on the downloaded file to run it.
3. Click Yes in the resulting "Are you sure you want to add..." confirmation dialog box.
4. Click OK in the resulting "Information...has been successfully entered..." confirmation dialog.
5. Run another scan with HJT and note whether or not the O4 - HKLM\..\Run: [NI.UWAS5LP_0001_0811] entry is still listed.
6. Reboot the computer and repeat step #5.
Let us know the results.

DMR 152 Wombat At Large Team Colleague

1. How long have you been getting the errors from the CoreCenter software?

2. Please post the exact make/model/version/revision of your motherboard; CoreCenter exhibits such problems with certain mobos.

3.

Also I sometimes get a Norton 'Bloodhound' message

Details, please; you've given us nothing to go on here.

DMR 152 Wombat At Large Team Colleague

- Please post the full and exact details for the sound driver(s) you are currently using.
- Also give us as much detail/history of the problem as possible. The more we know about why/when the problem first occurred, the better.

DMR 152 Wombat At Large Team Colleague

With the hard drive connected (and jumpered) as the Primary Master drive, remove/disconnect all unnecessary components from the motherboard (CD-ROM/DVD drives, network cards, sound cards, etc.) and try to boot the computer. Let us know the results.

DMR 152 Wombat At Large Team Colleague

1. If you did not knowingly install it, uninstall the Accoona toolbar using your Add/Remove Programs control panel. It is classified as Adware/Spyware.

2. Since ewido seems to be giving you trouble, download and install:
Webroot Spy Sweeper (14 day free trial) - http://www.webroot.com/shoppingcart...4011&vcode=DT02
Once installed, open Spy Sweeper, click on "Options", and then click on "Update Definitions" under the Program Options tab. Do not run a scan yet; just close the program once the update completes.

3. Run HijackThis again and fix the O4 - HKLM\..\Run: [NI.UWAS5LP_0001_0811] "C:\Documents and Settings\Jessica Hortsch\Local Settings\Temporary Internet Files\Content.IE5\9EZF2TII\WAS5Scan[1].exe" entry.

4. Reboot into Safe Mode and:

* Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

* Run CCleaner with the following custom (and admittedly paranoid) settings applied:

- Go to Options-> Advanced: Uncheck "Only delete files in Windows Temp folders older than 48 hours"
- Go to Options>Custom>Add Folder, navigate to and select the following folders one at a time (they should then appear in the custom folders/files list):
* C:\Windows\Temp
* C:\Windows\Prefetch
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ (This will delete all your cached internet content including cookies.)
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp
* C:\Documents and Settings\<any other user's Profile>\Local Settings\Temporary Internet Files
* C:\Documents and Settings\<Any other …

DMR 152 Wombat At Large Team Colleague

It was probably a server-side disruption; if so, there wouldn't have been anything you could have done about it.

DMR 152 Wombat At Large Team Colleague

1. See if you can change the BIOS' CD drive entry from [None] to [Auto]. You probably can't do that in the Boot Order section of the BIOS setup, so check other likely areas such as the IDE or Advanced configuration sections.

2. If the above doesn't work, open the case and reseat the data cable.

DMR 152 Wombat At Large Team Colleague

...then i change how to open the file cause it was an application and i hit always open on notepad...

Do you know the extension of the deleted file's name? It would definitely help to know if the file was an .exe, .com, .lnk (shortcut), etc. file.

DMR 152 Wombat At Large Team Colleague

The problem doesn't appear to be on the site's side; I can access everything on the site through both IE and firefox.

Please give us:

- The exact URL, if it isn't simply "http://www.epiguides.com".
- Your browser name and version.
- Your version of Windows.

DMR 152 Wombat At Large Team Colleague

Here's a thread which pretty well covers the real deal with Rep Points:

http://www.daniweb.com/techtalkforums/showthread.php?t=856&highlight=rep+points

BTW- Dani gets the "cscgal is just really nice" label because this is her site, and she hacks in nice little fluffies like that for herself every once in a while. The rest of us poor souls are, depending on our total point count, stuck being "unknown quantities", "almost famous", etc. :mrgreen:

DMR 152 Wombat At Large Team Colleague

What I found was that something had written in a registry file that loaded the thing from the web location.

Not quite, but you're on the right track.
The Registry entry you posted doesn't actually tell Windows or IE to load any file(s) from the malicious website, but it does make it possible for IE to communicate with the website, which is obviously a Bad Thing. To be technical about it, the presence of the "contentmatch" site in the Domains key is a modification made by the infection; it is not an actively malicious component of the infection, nor does it point to/execute such a component.

https!=W=4
The (horribly boring) breakdown of that cryptic code from SpyBot is:

* https is the secure http protocol.
* W=4 means that the default registry DWORD value of the https protocol for the domain in question is 4.
* 4 identifies the Restricted Sites Zone in the Internet Options control panel's Security tab.
* != is coding/scripting notation for "not equal to".

Human translation: "Yo, Bro'- I found a malicious site which should be listed in your Restricted Sites Zone, but it ain't!"

For a mind-bogglingly boring exposition on the whole ZoneMap/Domains thing, have a read of this Microsoft article (note: make sure you have a pretty good-sized dose of psychotropic drugs at hand; you'll need them....)
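
The check that breakdown describes, as an added example that is not part of the original post and is not SpyBot's own code: it parses a regedit text export of the ZoneMap\Domains key and reports blocklisted domains whose https zone is not 4. Going slightly beyond the post, it also lists any domain mapped to a zone more trusted than Internet; the sample export, domain names and function names are constructed for illustration.

```python
import re

# Internet Explorer security zone numbers as stored in ZoneMap DWORD values.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
RESTRICTED = 4
DOMAINS_KEY = (r"Software\Microsoft\Windows\CurrentVersion"
               r"\Internet Settings\ZoneMap\Domains")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')

# Constructed sample of a regedit export (already decoded to text).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test\ads]
"https"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracker-site.test]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1]
":Range"="10.0.0.1"
"*"=dword:00000002
"""

# Constructed list of domains that are expected to sit in the Restricted zone.
BLOCKLIST = ["ads.example.test", "tracker-site.test", "missing.example.test"]


def parse_zonemap(reg_text):
    """Return {domain: {protocol: zone}} for keys under ZoneMap\\Domains."""
    mappings = {}
    domain = None
    prefix = DOMAINS_KEY.lower() + "\\"
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            idx = key.lower().find(prefix)
            if idx == -1:
                domain = None  # the Domains key itself, or an unrelated key
                continue
            parts = key[idx + len(prefix):].split("\\")
            # Subdomains are subkeys: Domains\example.test\ads -> ads.example.test
            domain = ".".join(reversed(parts)).lower()
            mappings.setdefault(domain, {})
            continue
        m = VAL_RE.match(line)
        if m and domain is not None:
            mappings[domain][m.group("name").lower()] = int(m.group("hex"), 16)
    return mappings


def not_restricted(mappings, blocklist, protocol="https"):
    """Blocklisted domains whose zone for `protocol` is not 4 (the '!=' case)."""
    findings = []
    for domain in blocklist:
        protos = mappings.get(domain.lower(), {})
        # A "*" value applies to every protocol when no specific one is set.
        zone = protos.get(protocol, protos.get("*"))
        if zone != RESTRICTED:
            state = "absent" if zone is None else ZONES.get(zone, f"zone {zone}")
            findings.append((domain, state))
    return findings


def elevated_entries(mappings):
    """Domains mapped to a zone more trusted than Internet (zone number < 3)."""
    return sorted((d, p, ZONES.get(z, f"zone {z}"))
                  for d, protos in mappings.items()
                  for p, z in protos.items() if z < 3)


if __name__ == "__main__":
    zonemap = parse_zonemap(SAMPLE_EXPORT)
    for domain, state in not_restricted(zonemap, BLOCKLIST):
        print(f"https!=W=4  {domain}  (currently: {state})")
    for domain, proto, zone in elevated_entries(zonemap):
        print(f"review: {domain} [{proto}] is mapped to {zone}")
```
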

DMR 152 Wombat At Large Team Colleague

<whispers>
Shhhhh... asketh ye not.

Rep Power is that ever-elusive quantity found only in the deepest, darkest server closets of the lost land of Luawn-G'wuylynd.
The substance of the Power is discussed solely in The Hidden Realms of The Staff; we speaketh of it not in the light of the open forums...

DMR 152 Wombat At Large Team Colleague

I will probably try your other suggestions now before doing so

Agreed; I'd only use the Repair option after exhausting all other possibilities.

But I wanted to ask if the problem I'm experiencing has anything to do with my registry files? Because I've noticed that a lot of the data has "value not set" which has prevented me from opening some files. Is there a way to repair my registry at all?

Many of the "Default" entries in the Registry do have a value of "(value not set)", so finding such entries is not necessarily indicative of a problem. However, Registry inconsistencies could definitely play a part here, so you might want to try one of the Registry repair utilities available at MajorGeeks. Registry Mechanic is a popular program, but I haven't personally used any of those utilities enough to really recommend one over the others.

DMR 152 Wombat At Large Team Colleague

And did that cure the regedit problem?

DMR 152 Wombat At Large Team Colleague

I got sidetracked because "localhost" was showing up in windows and I thought windows was complaining because it didn't like the name "localhost".

You're right- any computer (regardless of OS) running the TCP/IP protocol uses the local loopback IP address of 127.0.0.1, which is traditionally aliased to the name "localhost".
Given that, the net effect (no pun intended) of using "localhost" as a computer's network hostname can cause about the same amount of confusion as filling a room with a bunch of guys all named Bob Smith and then trying to do a roll call.

I'm putting this here so that when I have this problem again, it might only take 15 minutes instead of 2 hours to fix it... :)

lol- good future planning...

BTW- welcome to DaniWeb! :)

DMR 152 Wombat At Large Team Colleague

OK- let the system, as it is presently configured, cook long enough for you to be fairly certain that the problem is not (or is) still occurring.

DMR 152 Wombat At Large Team Colleague

Give it a reasonable amount of time and see if it remains stable before calling Comcast. Also- did your modem give you the upstream SNR? If so, it didn't make it into your post. (The other signal stats you posted look OK.)

DMR 152 Wombat At Large Team Colleague

I fussed around with localhost network settings for a few hours and then just started the smb service and it worked.

And so you dug up a 1 1/2 year old thread just to let us know? :mrgreen:

DMR 152 Wombat At Large Team Colleague

I hope I've done it OK

Yes, you did. :)

You will need to close/quit all open programs and disconnect from the Internet for some of the following, so you should print out these instructions or save them into a text file with Notepad.

1. Open your Add/Remove Programs control panel and uninstall the "Spyware & Adware Removal" product, as it is definitely not a recommended program. It appears on the list of Rogue/Suspect products with the following explanation:
"uses flawed, inadequate detection scheme"
Before buying/downloading/installing any purported "antispyware" program, you should definitely consult the Rogue/Suspect list.


2. Your log indicates that you have two antivirus programs (Panda and F-Secure) running simultaneously. This is not advised, as having multiple antivirus programs installed can cause conflicts. Note that this is not the case with antispyware programs; they can coexist happily. It's up to you which program you keep, but you should uninstall one of them. Let us know which product you decided to keep.


3. Click on the "Run..." option under your Start menu, type "CMD" (omit the quotes) in the resulting "Open:" window, and hit OK. This will open a DOS window.
* At the DOS prompt, type the following two commands one at a time, hitting the Enter key after each:

sc stop rpcapd
sc delete rpcapd

* Close the DOS window after the second command completes.

--- Please close/quit all open programs …

DMR 152 Wombat At Large Team Colleague

OK- try/check the items I posted earlier and get back to us with the details after that. The problem could well be on Comcast's end, but it's always best to eliminate everything that you can before you call for a service visit. Comcast does support your modem, so that's one thing in your favor.

* When you power-cycle the equipment, physically remove the power cord from the modem and let it sit that way for a few minutes before repowering it, and wait until all of the front-panel status LEDs have stabilized before turning on the computer.

* Post the signal-level info from the modem if you can get it.

DMR 152 Wombat At Large Team Colleague

Hi Lc0756, welcome to DaniWeb :)

To begin with, can you please post the exact make/model/version of the modem?

DMR 152 Wombat At Large Team Colleague

OK. I wish I had a less drastic suggestion for you, but as I said, it looks like you've tried the usual recovery steps.
However- please be aware that reinstalling Windows on top of an existing installation is not foolproof; there is always at least the possibility of data loss.

DMR 152 Wombat At Large Team Colleague

Those errors in the modem log are all related to the WAN-side connection, so I seriously doubt that plugging a computer directly in to the modem will change anything. However, you may have to get that configuration working to avoid the inevitable "sorry, but we don't support routers" excuse that Comcast tech support will undoubtedly give you.

* When you said "I tried connecting a laptop directly into my modem but got nothing":
- What exactly is "nothing"?
- Did your laptop even get an IP assigned to it by/from the modem?
- Did you power-cycle both the modem and the laptop once you connected the two, bringing up the modem first and allowing it to initialize before restarting the computer?

* What are the states of the status LEDs (especially DS, US, and Online) when the problems occur?

* Can you pull the signal-strength/SNR status info from the modem and post it here? If you monitor those numbers, do they differ perceptibly during the times when the connection is working properly and when it is not?

DMR 152 Wombat At Large Team Colleague

Considering that you still can't boot into Safe Mode, and don't even have a taskbar to work with when booted normally, I'd go for the Repair option I linked to in my last post.

DMR 152 Wombat At Large Team Colleague

Bugger :(
It sounds like you've tried all of the normal repair options available for ME. As far as what comes to mind right now, I think that attempting an "in-place" reinstallation of the OS might be the only option left if you want to keep your data intact.

DMR 152 Wombat At Large Team Colleague

Also:
Open the Event Viewer utility in your Administrative Tools control panel and look through your System and Application logs for entries flagged with "Error" or "Warning" whose time-stamps coincide with the crashes. Double-clicking on such an entry will open a properties window with more detailed information on the error; post the details from a representative sample of some of the different error messages (please don't post duplicates or flood us with the entire logs). To do so:

In the Properties window of a given entry, click on the button with the graphic of two pieces of paper on it; the button is at the right of the window just below the up arrow/down arrow buttons. You won't see anything happen when you click the button, but it will copy all of the details to the Windows clipboard. You can then paste the details into your next post here.

DMR 152 Wombat At Large Team Colleague

...I tried to restore settings...

Are you saying that you tried the System Restore feature, or that you tried to revert the changes made by the newly-installed printer software (by uninstalling it, perhaps)?

DMR 152 Wombat At Large Team Colleague

BMW-->Yuppie