gerbil 216 Industrious Poster

Tricky. BTW, pressing F8 while in BIOS will only get you to the boot source menu.
A flat CMOS battery will put you into Setup every turn on, but from there you usually can start the OS. If you Discard changes (Esc) BIOS will run on from the NVRAM check, whereas Save changes will restart the system, naturally enough and hence BIOS runs again. Hmmm... but you're hitting Esc. A quick check... is the system time as reported by BIOS correct? And another... is BIOS recognising your drives before entering Setup?

gerbil 216 Industrious Poster

When in setup, reset BIOS to defaults, save and see what happens.

gerbil 216 Industrious Poster

I'm thinking that since you activated your machine with your product key that same key has been used on another machine. M$ has thus invalidated your activation. It could have been copied from your machine's sticker or from the cd case, in your home or the store.

gerbil 216 Industrious Poster

Oh dear. Mods!!
I don't think that this site is one that encourages the use of "loaders". And a Loader will not make your Windows genuine, it will merely make it appear so by modifying the BIOS certificate to one from an OEM. But it's Microsoft's war, not mine...

gerbil 216 Industrious Poster

And I'll just rewrite that to clear my confusion of terms.... because you won't see a Product ID if your Product Key is not accepted - you will not get an activation code.
-In the case of Vista, if you use any Vista retail installation disk there should be no problem whether your license (Product Key) is OEM or Retail.
-With some OEM Product Keys the OEM installation disk very likely must match your sticker OEM issuer eg HP, Acer.
-And some OEM Product Keys may work with a non-matching OEM disk... results vary because some OEM disks are pretty much retail copies, differing only in the additional software and driver softwares added as separate files, but your resulting Product Id will contain the letters -OEM-.
Obtaining a retail disk, or a retail upgrade disk will enable you to install no matter what.

gerbil 216 Industrious Poster

-If you use a Retail installation disk, there should be no problem whether your Product ID is OEM or Retail.
-Some OEM Product Ids have the letters OEM as part of the ID - in this case an OEM installation disk very likely must match your sticker OEM issuer eg HP, Acer.
-Some OEM Product Ids do not have OEM in the code even though OEM or a manufacturer is mentioned on the sticker - you still likely must use a matching OEM disk... but results vary because some OEM disks are pretty much retail copies, differing only in the additional software and driver softwares added as separate files.
Obtaining a retail disk, or a retail upgrade disk will enable you to install no matter what.
There must be millions of unwanted retail Vista Product Ids out there, for free.

gerbil 216 Industrious Poster

It is capable of running 32 or 64 bit op-systems; I cannot know what you have installed.

gerbil 216 Industrious Poster

Interesting how often this question crops up. Go to this page... you can either follow the instructions or wait a few seconds and the page will tell you.
http://support.microsoft.com/kb/827218

gerbil 216 Industrious Poster

That code is reporting what is normally (and in your case would be) a software error, likely a driver because the system worked in safe mode. May I suggest that you force another bluescreen and read the faulting module (likely a .sys file), or download a file called BluescreenViewer.exe and load the latest files in Windows\Minidump into it - that will give you the faulting software module.

gerbil 216 Industrious Poster

Sorry, I dropped off the thread.
"When I select cd drive as source I get these options to select:
- Boot, efi, sources, support, auto run, bootmgr, setup and upgrade what one do I select?"
Your system is set to not show extensions (and I think that is a bad option..); Setup is actually Setup.exe, so that was the one to dclick to commence setup.
Also, your cd drive was actually working; that you could read that list of folders and files means that your hardware (mb, hdd) is also working. But POST could not send its hardware list to the OS. I'm going with a software issue now... so what happened/happens when you dclick that setup.exe (your Setup) in the W7 dvd?

gerbil 216 Industrious Poster

Follow that scan with a run of memtest86+ from memtest.org.
Coincidences do happen, it is likely to be a RAM module failure.

gerbil 216 Industrious Poster

In safe mode? Monitor the CPU temp and its performance. Scans can load things up at times. Maybe open the thing and clean the blanket from the heatsink.

gerbil 216 Industrious Poster

Right. I have never resolved whether the stress of being assessed on points-heavy projects or major examinations was a valid test of work-readiness. Your real-world performance assessment is rather like the internship doctors must go through. Good luck with it.

blackmiau commented: thank you :) +0
gerbil 216 Industrious Poster

"Being an unpaid internship, I do as they tell me, otherwise my grade can go down"
Oh dear, would that mean that then you pay them? Just what ladder rung are you on? Ah... you're holding it...
No need to answer... :) We all start somewhere.

gerbil 216 Industrious Poster

\Tracing\backupstack_rasapi32
\Tracing\backupstack_rasmancs
\Tracing\au__rasapi32
\Tracing\au__rasmancs
Mmm... these entries are obviously? concatenations with au.exe (dropped by Bagle worm?) and backupstack.exe (probably valid...).
I cannot locate info on rasmancs... everywhere rasmancs is the subject of outright deletion. They are then likely nothing to do with Softonic. But if not legal, why would they have a subkey created for them, or would the Remote Access Service do that automatically?
Anyway, they're gone.

gerbil 216 Industrious Poster

Right. Um.. avoid Softonic and their file downloader. Sure, you get the file, but you also get some ads.... I wonder, though, about the subkeys in \Tracing, and why Softonic would be interested in remote access.

gerbil 216 Industrious Poster

"safely kept in the City Hall's vault for some reason"
Gosh. Just... gosh. Microsoft has an official download site for the W7 installer flavours. Free....

blackmiau commented: tell it to my manager... +2
gerbil 216 Industrious Poster

Ok, RJ... I have not come across mbs with on-board speakers, but I note that Dell do make them. Some bit of hardware must have been monitoring SMART, or noting a problem otherwise. Dunno. Anyway, googling "hdd buzz routine" might give you guidance, or just waste your time.

gerbil 216 Industrious Poster

I always wonder in these cases whether the OP is the legitimate owner of the login... but this stuff is all over the web, and the real owner would likely prefer to have his system whole and workable, if indeed pried into. A sys in someone else's hands is a lost system. So... here goes:
Jorge is quite circumspect when it comes to issues delving deep into the heart of a system, and probably quite rightly (I suspect that he is a sysadmin).
But it's your system, your risk, so I shall tell you what works for me and W7 (Pro). Just be aware that if you employ Windows EFS file encryption then at some time you WILL need to recall your password to access encrypted files.
However, I have used this password reset disk on XP and W7 to no detriment.
http://pogostick.net/~pnh/ntpasswd/bootdisk.html is the official site to download from. I have used vsn 110511 (that is the release date as well as the name; it just works, so I have not bothered to update). There is a later version on the page.
Download, burn the iso or install to USB. Boot from that drive; mostly the answers are the default, but read the questions! If you enter your account name when requested in the edit section, then case is important.
Advice is to clear, and not to change the password with the software. Save the edit and restart.

gerbil 216 Industrious Poster

Ah. So what you heard was actually coming from the hdd itself... it was a short buzz routine to unstick the heads from the platter media. To do with a power problem.. the platters won't spin up so it buzzes the heads to see if they are stuck. You can belt it with a small rubber mallet to help the routine along. And soon after, bin it.

gerbil 216 Industrious Poster

Finally, eBay are realising the consequences and possible damage to their reputation and bank balance, and risk to clients' digital security....
"It said it would be contacting users to alert them of the issue via email, its website, adverts and social media.
A spokesman added that the firm's engineers were in the process of rolling out a feature that would oblige members to choose new passwords when they next logged in, which should be live in each of the countries eBay operated in by the end of the day." -from BBC.
To Blackmiau, and others, eBay hackers stole password hashes and logins. Right now, they would be running decryption software, or have sold the info to those who will. PCWorld, in an experiment with realworld password hashes and realworld hacker/decryption experts, showed just how efficient the process can be. If decryption is happening, you can be sure that they have cracked many tens of thousands per day. Hence the now-forced password change.
""The database... included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth," it said." -BBC. That is a lot of identifying information. Given that some people use the same password across several sites requiring such, and combine it with their email address to complete a login, the damage is very real, and not just to eBay.
Ok, so credentials of some personnel were stolen, giving the hackers a free ride. But two weeks to come clean and …

blackmiau commented: I know, I made sure I was informed :) +2
gerbil 216 Industrious Poster

Once you're mentally committed to the drive's death, there is a cracker rare earth magnet in the "motor" section of the read arm. Put it on your fridge door and you will need a knife blade to lever it off.

gerbil 216 Industrious Poster

Fingers... brain... something....
Vsn 8 is about a 20MB download.

gerbil 216 Industrious Poster

Hi mcortino, thanks for getting back re TestDisk. Something must be badly wrong with your disk... an advanced search with TD on my 250GB drive takes around 15 mins. It's a sector scan, it's hunting for boot sectors. Once it has those accepted it can locate the MFTs, and then files.
Minitools have Partition Wizard; I use it for disk manipulation, and it comes with a partition recovery service. Free. Vsn 8 is about a 20GB download.

gerbil 216 Industrious Poster

You say you have the computer working with a Ubuntu boot disk: that points to there being a problem existent on the hdd. The malware? so far sounds like an annoyance, not much point to it at all. It just needs killing.
I don't know the structure of your hdd, the partitions on it and what they contain. Here's the thing with images. If you have a disk image and copy it to a hdd then it should run; partitions will be the same size and with same drive letters, the registry will be identical, all references will be as they were. If you copy back an image of a partition, especially one with programs, then you must ensure that the drive letter you assign is the same as on the original partition. Copying back and starting a boot drive image is somewhat less straightforward.

gerbil 216 Industrious Poster

If Windows Disk Management can see the disk then TestDisk should cope with it. Not Initialised shows because the LDM cannot see a partition table. TestDisk in its deep search will ignore the partition table and hunt for the boot sectors of each partition, thereby establishing partition boundaries. If you have in the past moved or erased partitions then TD might find these via their bootsectors if they have not been overwritten - a bit of confusion, but checking the data table presented should sort out real from unused.
There is a backup bootsector in the last sector of a partition. Records in the bootsector point to the MFT and the MFT mirror. Pretty much, for each partition you need a valid bootsector (either) and a valid MFT (either). Without these, file recovery is difficult.
Formatting writes a new partition table and NTFS system files to the disk, not a problem in your case cos it is busted already.
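
The relationship this post describes between an NTFS boot sector, its backup copy and the MFT / MFT mirror, as an added example that is not part of the original post. It reads the standard NTFS boot-sector fields from a constructed 512-byte sample (all values are made up) and falls back to the backup copy when the primary is damaged; the function names are hypothetical.

```python
import struct

SECTOR = 512  # size of the boot sector itself


def parse_ntfs_boot_sector(raw):
    """Return key NTFS boot-sector fields, or None if the sector is not usable."""
    if len(raw) < SECTOR or raw[3:11] != b"NTFS    " or raw[510:512] != b"\x55\xaa":
        return None
    bytes_per_sector, spc_raw = struct.unpack_from("<HB", raw, 0x0B)
    total_sectors, mft_lcn, mirr_lcn = struct.unpack_from("<QQQ", raw, 0x28)
    (rec_raw,) = struct.unpack_from("<b", raw, 0x40)
    if bytes_per_sector not in (512, 1024, 2048, 4096) or spc_raw == 0 or rec_raw == 0:
        return None
    # Values above 0x80 encode a power of two: 2 ** (256 - value) sectors.
    sectors_per_cluster = spc_raw if spc_raw <= 0x80 else 1 << (256 - spc_raw)
    cluster = bytes_per_sector * sectors_per_cluster
    # A negative record field means 2 ** -value bytes (0xF6 = -10 -> 1024).
    record = rec_raw * cluster if rec_raw > 0 else 1 << -rec_raw
    # Both MFT copies must start inside the volume, or the sector is bogus.
    for lcn in (mft_lcn, mirr_lcn):
        if lcn * sectors_per_cluster >= total_sectors:
            return None
    return {
        "cluster_size": cluster,
        "record_size": record,
        "mft_offset": mft_lcn * cluster,
        "mftmirr_offset": mirr_lcn * cluster,
        # The volume's sector count is one less than the partition's; the
        # spare last sector of the partition holds the backup boot sector.
        "backup_boot_offset": total_sectors * bytes_per_sector,
    }


def pick_boot_sector(primary, backup):
    """Use whichever copy validates: either one is enough to find the MFT."""
    for name, raw in (("primary", primary), ("backup", backup)):
        info = parse_ntfs_boot_sector(raw)
        if info:
            return name, info
    return None, None


def build_sample_boot_sector():
    """Constructed sample: 1 GiB partition, 512-byte sectors, 4 KiB clusters."""
    raw = bytearray(SECTOR)
    raw[0:3] = b"\xeb\x52\x90"                 # jump instruction
    raw[3:11] = b"NTFS    "                    # OEM ID
    struct.pack_into("<HB", raw, 0x0B, 512, 8)  # bytes/sector, sectors/cluster
    raw[0x15] = 0xF8                           # media descriptor (fixed disk)
    struct.pack_into("<QQQ", raw, 0x28, 2_097_151, 87_381, 2)  # total, MFT, MFTMirr
    struct.pack_into("<b", raw, 0x40, -10)     # 1024-byte file records
    raw[510:512] = b"\x55\xaa"                 # end-of-sector signature
    return bytes(raw)


if __name__ == "__main__":
    good = build_sample_boot_sector()
    wiped = bytes(SECTOR)                      # primary overwritten with zeros
    source, info = pick_boot_sector(wiped, good)
    print("using", source, "boot sector")
    for key, value in info.items():
        print(f"  {key:20} {value}")
```
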

gerbil 216 Industrious Poster

That message sounds rather suspicious, and I'm not altogether sure that Windows could run on 1/2 Meg of RAM anyway. I've seen it manage with 128 MB, but 1/2? I think you need to do a scan, and for that you will need a bootable cd or UFD.. may I suggest the free Kaspersky Rescue Disk 10 from http://support.kaspersky.com/viruses/rescuedisk/main
Instructions and guides are there, and the link to the download. Burn the iso to a cd or load it to a FAT32 formatted UFD with a suitable tool (there is one on the site.. find the link near the iso download link).

gerbil 216 Industrious Poster

Looks like MBAM solved your problem. Nothing else shows after a quick glance at logs.

gerbil 216 Industrious Poster

That BIOS setting about restarting after power interruption (if you have it)- it should not be the problem in your case, but try turning it off. I don't have it set to auto restart because if a power outage is bad the power line auto-restart system will try to reconnect power 3 times before giving up, and I don't want my computer subject to that behaviour. But yes, the mb firmware/hardware controls switch-on behaviour, adjustable via BIOS settings.

gerbil 216 Industrious Poster

You only need the HKLM value to launch explorer. Will it run at all, ie. can you launch it from Task Manager, or cmd console? ...just enter explorer.exe.
If you use internet explorer to navigate to the /Windows folder, does explorer.exe exist? Will it launch if you dclick it? Enter C:\Windows in the address bar.... you should be able to launch explorer from there, also.... enter C:\windows\explorer.exe

gerbil 216 Industrious Poster

If it's a broken shortcut in W7 loader that you wish to remove, then use BCDEdit via the cmd console. It's a pest to use, because you need it so rarely, and the command structure is obtuse, hence I find I must look up the guide every time. But there are guides on the web, and it would be best for you to find an example that suits and follow that. If you manage to break the loader, the W7 disk can repair it.

gerbil 216 Industrious Poster

Is this a corporate (business) laptop? Because for obvious reasons we prefer not to advise on those. The Intel Management Engine Interface or IME is used for remote management, it controls boot security via password and access to some hardware systems as well as the OS. Can you turn it off in your BIOS?
You could have an ME firmware problem (it has its own BIOS settings, they may be password protected).
I don't know where the error code Status 0xc000000f is generated... perhaps the W7 boot manager?

gerbil 216 Industrious Poster

Note that AVG 2014 Free recco by PCWorld, tcll... :)

gerbil 216 Industrious Poster

The last two links in that article by Symantec's boss are the important take-away, I think, JM, and are buried in: "check out PCWorld's guides to building the ultimate free security suite and how to protect yourself against the web's most dangerous security traps."
http://www.pcworld.com/article/2050339/how-to-build-the-ultimate-pc-security-suite-for-free.html
http://www.pcworld.com/article/2048726/how-to-protect-your-pc-against-devious-security-traps.html

gerbil 216 Industrious Poster

Well, you go and torrent it somewhere. You won't get any advice from here for that cracked OS.
Other than that, I spose...
And if you get burned with something nasty in it, you won't get help with that, either. More advice. Sigh.

gerbil 216 Industrious Poster

Avast Free... used it for years. Just last week I switched to AVG 2014 Free. It's good. More efficient than Avast ie. stuff loads faster, from apps, files to web pages. About cleanup and detection rates.... well, you should peruse the latest AV-test and AV-Comparatives findings, plus pay some attention to E. Kaspersky on the subject.
AVG is not the best, but it now rates better than Avast (which incidentally, is used by more than 50% of EU clients..). Avast is darn near the worst of those considered! Bitdefender and Kaspersky rate the best, but neither are free. Bitdefender Free is not at all user friendly, should not be considered by any who have black/grey apps - you cannot always exclude them.. :o (some you can). For others, it's probably fine, at least so if it uses the paid-for engine: I don't know about that. You don't need to touch a thing (there isn't any configuration interface).
So, AVG 2014 Free... I'm happy so far. Have yet to test it on a drive-by loaded site.

gerbil 216 Industrious Poster

With dual booting XP and W7, it is best to install XP first; W7 will then overwrite the boot sector with its own files, which it MUST have available. W7 can then be directed to locate other installations, eg. XP, and set its loader to boot them.
If you install XP after W7 you can use the repair option on the W7 dvd to fix its boot loader.

gerbil 216 Industrious Poster

I do gotta say.... if cars were like bloody computer systems then NOBODY would drive.
You can replace "cars" with any other convenience you normally take for granted. When electric sewing machines first appeared the motors were simply bolted on the outside, and the belt drive went to them instead of to the treadle wheel. For all best efforts, personal computers are still at that stage.

Tcll commented: eh... computers are more like cut/paste work to me... but I agree. :) +2
gerbil 216 Industrious Poster

Yep, you can walk all over Microsoft's best efforts with Linux boots as RJ suggests (by ignoring and then removing all the file's metadata), else...
Perhaps we should replace the ACL you granted, so...
icacls "C:\Program Files (x86)\CrossTec\CrossTec Remote Control\Support" /grant:r everyone:f
If that fails then run this, and copy/paste here the result, please...
cacls "C:\Program Files (x86)\CrossTec\CrossTec Remote Control\Support"
Or maybe the same, but with icacls.

gerbil 216 Industrious Poster

A proper firewall can protect you from such attacks. You can stealth your ports so that they do not acknowledge incoming requests, or if on a limited client LAN you can block all but the specified computers. If a single PC on a LAN, you can block all incoming requests or traffic.
My Comodo firewall used to report in its log about two hits per minute from various IP addresses; that was with a modem, but since incorporating a router with firewall my Comodo has recorded not one single hit in five years. The router opens a UDP port for incoming traffic, but that traffic must be for a specified application - if it's not running then the port is closed.
Another thing - Comodo lets you set packet flow limits. Set the whole package up right and your TCP/IP stack won't see an unwarranted thing. I occasionally run tests such as that from GRC; they fail to penetrate.
There are other free firewalls; all take some setting up and some people are not prepared for that, nor for the flow of permission requests for unknown processes or potentially unsafe actions. But then, probably some soldiers feel that a bulletproof vest is a nuisance.

gerbil 216 Industrious Poster

There is this to read....
http://technet.microsoft.com/en-us/library/cc753525.aspx
Else you could just run this...
icacls "C:\Program Files (x86)\CrossTec\CrossTec Remote Control\Support" /grant everyone:f
But you must be an admin to run it successfully. Why? Because you took away everyone's permissions. If you are a User, then you have now no permission to modify permissions on that file.

gerbil 216 Industrious Poster

I see your pain there. I've not read of anyone successfully paying for a working key.
This only serves to reinforce my monthly (or so) practice of making images of all partitions, and then putting the image drive offline. I do daily backups, too, but they are online, and so fraught.
If they've done over the US army, I wonder how long it will be before a cloud gets rained upon...?

gerbil 216 Industrious Poster

Yeah, HijackThis is over. Trend bought it out and a year later allowed it to languish, no further development. And in this case, it shows no malware indications. I'm afraid malware has moved on; it's shamefully poor stuff that is picked up by such a simple scan.
John, you copped a trojan that opened a backdoor, read and delivered your email address book, but I find it hard to believe that having done that it is posting your password changes as you make them. That is too personal an attack.... However... may I suggest first a scan using OTL (non-invasive) followed by a pass with Combofix (a scan plus preliminary malware kill). Post the resulting logs, please (there will be two OTL logs, and one Combofix log).
==Download OTL from http://oldtimer.geekstogo.com/OTL.exe to your Desktop.

  • Double click on the icon to start the application.
  • Press Scan All Users, Minimal Output, Standard Registry ALL, check both LOP and Purity boxes, leave other sections as they are.
  • Into the Custom Scan box paste this:

netsvcs
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

  • Press Run Scan.
    The scan will take maybe 5 minutes; 2 notepads will present [saved to the place from where you ran OTL.exe] - please post both.

==Download this file to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
.....or perhaps from here: http://subs.geekstogo.com/ComboFix.exe
-IMPORTANT! : close other applications and …

gerbil 216 Industrious Poster

Clean. But...
-Remove all old Javas with JavaRa [free] and update to 7.51 [or go to the Java site, update and then run their test/old Java uninstaller tool]. Old Java installations are one of the two greatest security issues.
-Clear your MBAM quarantine.

Mike Askew commented: +rep +7
gerbil 216 Industrious Poster

Good points, Jim. Unfortunately, that path is the one that is too easily chosen because there is a mindset that forced integration by modification is easier to achieve than good design.
I've pointed out before that just the cmd module itself appears to have been built by folk who did not communicate - a /parameter must be here, but only a parameter there will work, spaces here but not necessary there, abbreviation in some places but not others and so on; it is time-wasting because it results in you consulting the help listings just about every time you use a cmd. Just to get a decent list of available cmds you must run this cmd and not >help...
%windir%\hh.exe ms-its:%windir%\Help\ntcmds.chm::/ntcmds.htm

gerbil 216 Industrious Poster

Have you tried the procedure on this site?
Tuvaro is not a virus, it's just malware of the advertising variety but with the possibility of inserting more malware in a poorly protected system.
http://www.techsupportall.com/solved-how-to-remove-tuvaro-search-from-chrome-firefox-ie/

gerbil 216 Industrious Poster

Not on your life!
Try this tool, JavaRa:
http://singularlabs.com/software/javara/javara-download/
Update it, use the Remove section to clean (select your java from the list box and press Uninstall, then Next to complete the cleaning), and reinstall as you follow on with the process. I recommend the Manual Installation option.
JavaRa will run in Safe mode, also.

gerbil 216 Industrious Poster

Uninstall Java again, then run the Java removal tool from Sun Java site, run Malwarebytes from the .org site, then try to reinstall Java.
https://www.java.com/en/download/faq/uninstaller_toolinfo.xml
"but thats not my problem"
Right.

gerbil 216 Industrious Poster

Well, hats off to Symantec for proving that average is not beyond reach.

gerbil 216 Industrious Poster

Total the ones (or the twos) with an IF statement (or both)..
IF(SEX=1;M+1;F+1).
That will give you the ratio of M vs F; ratio of Ms and Fs in population is straightforward from there.
An average does not strictly apply in your case.