
had trojan.agent, not sure what i have now but still probs [Closed]



#76
pixillated
Member, Topic Starter, 86 posts
hi jwang01;
here we go.....

did another destructive reformat last night. immediately, the black command screen flashed randomly, and when the reformat finished (just like other times) i saw it load a bunch of stuff (just like when you go into safe mode and all that stuff flashes by). so nothing has changed; that thing still shows up. at the bottom left of my screen a small window flashed, looked like a user icon, a little head or two but it flashed by fast and i couldn't pin it down what that was.

downloaded and updated avira after uninstalling norton via add/remove programs. no virus found. then did all the updates manually, so am up to date with all sp's and security patches. did complete scans, rootkit, registry, etc. nothing.

so far i can still get on the net, but am writing this from the library. i'm going to give you some info about what is happening.

first thing: even in safe mode, as administrator, i cannot change or delete the owner administrator account. those permissions are blocked.

these services listed below are all supposed to, by default, be logged on by either the local system or local service. instead, they are taken over by something called (all in caps) NT AUTHORITY\Local Service and are password protected. same thing as last time. first it takes over my services and the user accounts. then it takes ownership of the hard drive. etc etc. here are the services it is running that it's not supposed to be controlling:
RPC (Remote Procedure Call - without that -- no internet access. many other services depend on it)
ASP.Net State Service
Alerter
Application Layer Gateway
SSDP
Smart Card
TCP/IP - another important one for internet service
UP&P
Uninterruptible Power
Web Client

all of those should NOT be run by NT AUTHORITY>

next, it will start shutting down these services starting with RPC. and then it will start taking ownership and then i will start getting 'access denied' or 'folder is empty' if all goes as before. it seems to be going that way.

also, i have been looking around in the start menu. under "all programs" >startup > is something called run_startmenu - file path:
C:\Documents and Settings\All Users\ Start Menu\P
i've never noticed that before, and all the other stuff has 2004 create dates so i feel that whatever/whoever is up to it again, and that this may be how autoruns are getting started in boot up. just a wild guess from a desperado clutching at anything that may make sense or be important to tell you.

i have, in the past, tried to take back the default log ons for the services; changed them manually, one by one. and i have changed ownership back to myself as administrator and got rid of 'administrators' and 'current user' and that user with S- and a bunch of letters and numbers. i have also tried doing nothing. it all ends up the same way it seems.

let me know if you feel we should continue trying to solve the mystery, or if i should just put the computer in the trash or drop it from a second story window. :) i know i don't want to obsess over it again, and if it's a lost cause, my energy might be better spent trying to find a new hand me down puter rather than trying to fix a terminally infected one.

i'm ok with whatever, either way, so follow your gut! i leave it to your decision. :)

i'll check at home tonight to see your response. thanks, jwang01!

Edited by pixillated, 29 April 2010 - 07:38 PM.

  • 0



#77
jwang01
Trusted Helper, Malware Removal, 2,567 posts
Hello,


did another destructive reformat last night. immediately, the black command screen flashed randomly, and when the reformat finished (just like other times) i saw it load a bunch of stuff (just like when you go into safe mode and all that stuff flashes by). so nothing has changed; that thing still shows up. at the bottom left of my screen a small window flashed, looked like a user icon, a little head or two but it flashed by fast and i couldn't pin it down what that was.

That may be normal for your system. It's just how those recovery disks do the job.


first thing: even in safe mode, as administrator, i cannot change or delete the owner administrator account. those permissions are blocked.

Why would you want to delete the Owner Admin Account? If I am understanding you correctly, that is an Admin account that only shows up when you try to boot into safe mode. This is a normal account in Windows and should be left alone. :)


all of those should NOT be run by NT AUTHORITY>

Actually those services should be run by the NT AUTHORITY, and that is normal. That is not malware as it is now. You should not need to mess with any of those permissions as they are set as they should be.


also, i have been looking around in the start menu. under "all programs" >startup > is something called run_startmenu - file path:
C:\Documents and Settings\All Users\ Start Menu\P
i've never noticed that before, and all the other stuff has 2004 create dates so i feel that whatever/whoever is up to it again, and that this may be how autoruns are getting started in boot up. just a wild guess from a desperado clutching at anything that may make sense or be important to tell you.

Looks like that file is normal. :)


i have, in the past, tried to take back the default log ons for the services; changed them manually, one by one. and i have changed ownership back to myself as administrator and got rid of 'administrators' and 'current user' and that user with S- and a bunch of letters and numbers. i have also tried doing nothing. it all ends up the same way it seems.

All of those services are set correctly, please don't change anything with them. Also, the user accounts that start with "S-" are normal as well. You should not do anything with those either. :)



I would like you to go ahead and use your computer normally for a few days and see if any problems arise. Let's see if that file infector was to blame. If you start seeing problems again come back here and let me know. My guess is if the problems do return, it's going to be a Corrupt OS install, or some kind of hardware issue.



There is one more thing I would like you to check:

  • Go to Start, then Run, and type in devmgmt.msc and press enter.
  • Drop down each section and see if there are any Yellow exclamation points next to anything
  • If there are, please tell me what devices have them.

Edited by jwang01, 29 April 2010 - 11:14 PM.

  • 0
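The point made in the reply above (services logging on as NT AUTHORITY accounts is the Windows default, and "S-" entries are security identifiers) can be checked mechanically. This is an added example, not part of the original posts: it parses the text printed by `sc qc <service>` and reports only services whose logon account is not one of the built-in service identities. The sample output, the service `ExampleSvc` and the account `.\labuser` are constructed for illustration.

```python
import re

# Built-in service identities (normalized: lower case, whitespace removed)
# mapped to their well-known SIDs.
BUILTIN_SERVICE_ACCOUNTS = {
    "localsystem": "S-1-5-18",
    "ntauthority\\system": "S-1-5-18",
    "ntauthority\\localservice": "S-1-5-19",
    "ntauthority\\networkservice": "S-1-5-20",
}

# A few well-known SIDs that show up raw ("S-1-...") in permission lists.
WELL_KNOWN_SIDS = {
    "S-1-1-0": "Everyone",
    "S-1-5-18": "Local System",
    "S-1-5-19": "NT AUTHORITY\\Local Service",
    "S-1-5-20": "NT AUTHORITY\\Network Service",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users",
}

# Constructed sample: concatenated output of `sc qc` for three services.
SAMPLE_SC_QC = r"""
SERVICE_NAME: RpcSs
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost -k rpcss
        DISPLAY_NAME       : Remote Procedure Call (RPC)
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: Alerter
        START_TYPE         : 4   DISABLED
        DISPLAY_NAME       : Alerter
        SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: ExampleSvc
        START_TYPE         : 2   AUTO_START
        DISPLAY_NAME       : Example Service (hypothetical)
        SERVICE_START_NAME : .\labuser
"""


def normalize(account):
    """'NT AUTHORITY\\Local Service' and 'NT Authority\\LocalService' compare equal."""
    return re.sub(r"\s+", "", account).lower()


def parse_sc_qc(text):
    """Return {service name: logon account} from `sc qc` output."""
    services, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*SERVICE_NAME\s*:\s*(\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s*SERVICE_START_NAME\s*:\s*(.+?)\s*$", line)
        if m and current:
            services[current] = m.group(1)
    return services


def unexpected_logons(text):
    """Services that do NOT log on as a built-in service identity."""
    return sorted(
        (name, account)
        for name, account in parse_sc_qc(text).items()
        if normalize(account) not in BUILTIN_SERVICE_ACCOUNTS
    )


def describe_sid(sid):
    """Explain a raw SID string as seen in an ownership or permissions dialog."""
    if sid in WELL_KNOWN_SIDS:
        return WELL_KNOWN_SIDS[sid]
    m = re.fullmatch(r"S-1-5-21-\d+-\d+-\d+-(\d+)", sid)
    if m:
        rid = int(m.group(1))
        if rid == 500:
            return "built-in Administrator account"
        if rid == 501:
            return "built-in Guest account"
        if rid >= 1000:
            return "user or group created on this machine or domain"
        return "predefined machine or domain account"
    return "unrecognized SID"


if __name__ == "__main__":
    for name, account in unexpected_logons(SAMPLE_SC_QC):
        print(f"review: {name} logs on as {account}")
    print(describe_sid("S-1-5-19"))
```

A service that logs on as an ordinary user account is not automatically malicious; it is simply the only kind of entry in such a list that merits a closer look.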

#78
pixillated
Member, Topic Starter, 86 posts
hi jwang01;

That may be normal for your system. It's just how those recovery disks do the job.


i don't think that is normal since i never saw the command screen this much before, and i have used these recovery disks on my old e machine and never had this happen. it could be that because i had to use these disks on a different e machine, it is happening now, but before i did the first reformat and began having problems, i did see the command screen. could be coincidence. willing to wait and see, and try to get used to it flashing a lot randomly, especially at startup. the black screen comes up every time i start the computer or update a program, etc.

it is a relief to know that the services are set properly, even though i have a different list that shows the default logon settings for windows services, which is where i was taking my info. from. i will have to take your word on it and quit being paranoid! :)


Why would you want to delete the Owner Admin Account? If I am understanding you correctly, that is an Admin account that only shows up when you try to boot into safe mode. This is a normal account in Windows and should be left alone. :)


sorry if that was confusing. i didn't want to delete the administrator account that i created in safe mode; i had to create that account by booting into safe mode. i thought when i created that safe mode administrator account, i could change, add, or delete other accounts. i was trying to change the owner/administrator account on my regular desktop to a limited account. avira kept warning me not to use administrator capabilities on the normal desktop. i tried to make the owner account limited; could not. those permissions were unavailable to me. there wasn't an option to delete it either.

when xp installs, it installs an owner account, which it automatically makes into an administrative account on the regular desktop. that's the one i wanted to change to limited. i have been told and have read that for security reasons, it's a good idea not to have administrative accounts on the normal desktop. what are your thoughts on that? doesn't matter anyhow, since i can't seem to do anything to change it!

All of those services are set correctly, please don't change anything with them. Also, the user accounts that start with "S-" are normal as well. You should not do anything with those either. :)


i am only going to do what you say from now on! i'm not doing anything without your say so! nada. nothing. zip. :) :) :) :)


I would like you to go ahead and use your computer normally for a few days and see if any problems arise. Let's see if that file infector was to blame. If you start seeing problems again come back here and let me know. My guess is if the problems do return, it's going to be a Corrupt OS install, or some kind of hardware issue.


There is one more thing I would like you to check:

  • Go to Start, then Run, and type in devmgmt.msc and press enter.
  • Drop down each section and see if there are any Yellow exclamation points next to anything
  • If there are, please tell me what devices have them.


okay, i went into device mgr. as you told me. all are ok except:

under 'other devices' there are yellow exclamation points and big yellow question marks next to these:

Network Controller
SM Bus Controller
Video Controller (VGA Compatible)

um... is there a safe way to update my java?

everything is old on here...adobe reader, etc.

do i need adobe flash player or not?

i am using internet explorer. should i use another browser and should i do anything to ie security settings or privacy settings to make it more secure and if so, what?

does this mean i can go and watch youtube and hulu.com? i am way behind on 'lost'! :)

thank you as always for your great instructions and tremendous patience.

EDIT:
one thing i forgot to tell you. avira guard keeps blocking an autorun. the message says 'access to the file D:\Autorun.inf was blocked for your security.

Edited by pixillated, 30 April 2010 - 11:50 PM.

  • 0

#79
jwang01
Trusted Helper, Malware Removal, 2,567 posts
Hello,


it could be that because i had to use these disks on a different e machine, it is happening now, but before i did the first reformat and began having problems, i did see the command screen.

That could be the case. :)


when xp installs, it installs an owner account, which it automatically makes into an administrative account on the regular desktop. that's the one i wanted to change to limited. i have been told and have read that for security reasons, it's a good idea not to have administrative accounts on the normal desktop. what are your thoughts on that? doesn't matter anyhow, since i can't seem to do anything to change it!

You won't be able to change the Owner account type, since it is created by Windows and is only available in safe mode. It is there for you to access in case you need to troubleshoot any problems in Safe Mode. It is a good idea to create a password for that account though.

You need to have an Admin account on your computer. However it is safer to create an additional limited account and use the limited account when doing normal computing and only use the Admin account when you need to. It helps prevent malware from infecting your machine.


under 'other devices' there are yellow exclamation points and big yellow question marks next to these:

What is the model of your E-Machine?


um... is there a safe way to update my java?

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 20.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u20-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u20-windows-i586.exe and select "Run as an Administrator.")


everything is old on here...adobe reader, etc.

do i need adobe flash player or not?

You should uninstall your version of Adobe and download the latest from Here.

You also may need the Flash Player. Some websites require it, but it depends on what you're doing online. You can download the flash player from the same link I posted with Adobe Reader. :)


i am using internet explorer. should i use another browser and should i do anything to ie security settings or privacy settings to make it more secure and if so, what?

I think Opera is the safest browser to use. :)


does this mean i can go and watch youtube and hulu.com? i am way behind on 'lost'!

thank you as always for your great instructions and tremendous patience.

Yes, you can go ahead and use your computer normally now. :)
And you're welcome. :)


one thing i forgot to tell you. avira guard keeps blocking an autorun. the message says 'access to the file D:\Autorun.inf was blocked for your security.

Looks like Avira is blocking all your AutoRuns for drives like cdrom and flash drives. It helps prevent malware from autostarting from infected drives, therefore preventing your computer from becoming infected.
  • 0
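To see what a blocked `Autorun.inf` would have started, and whether Windows itself is set to ignore AutoRun for a given drive type, the file and the policy value can be inspected without executing anything. This is an added example, not part of the original posts: the file contents below are constructed, and the policy check assumes the standard `NoDriveTypeAutoRun` bitmask, in which a set bit disables AutoRun for that drive type.

```python
# Drive-type bits used by the NoDriveTypeAutoRun policy value
# (HKLM or HKCU \Software\Microsoft\Windows\CurrentVersion\Policies\Explorer).
DRIVE_UNKNOWN = 0x01
DRIVE_REMOVABLE = 0x04   # USB flash drives, floppies
DRIVE_FIXED = 0x08       # hard disk partitions
DRIVE_REMOTE = 0x10      # network drives
DRIVE_CDROM = 0x20
DRIVE_RAMDISK = 0x40

# Constructed sample of an Autorun.inf as found in the root of a drive.
SAMPLE_AUTORUN_INF = r"""
; constructed example
[AutoRun]
open=setup.exe /auto
icon=setup.exe,0
label=Recovery
shell\install=&Install
shell\install\command=setup.exe

[Other]
open=ignored.exe
"""


def launch_commands(text):
    """Return (key, command) pairs from the [autorun] section that start a program.

    Only keys that cause execution are reported: open, shellexecute and
    shell\\<verb>\\command. Cosmetic keys such as icon and label are skipped.
    """
    commands = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            # Section names are case-insensitive; only [autorun] matters.
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        is_shell_command = key.startswith("shell\\") and key.endswith("\\command")
        if key in ("open", "shellexecute") or is_shell_command:
            commands.append((key, value))
    return commands


def autorun_blocked(policy_mask, drive_type):
    """True when the NoDriveTypeAutoRun mask disables AutoRun for drive_type."""
    return bool(policy_mask & drive_type)


if __name__ == "__main__":
    for key, command in launch_commands(SAMPLE_AUTORUN_INF):
        print(f"{key} would run: {command}")
    # 0xFF sets every bit, which turns AutoRun off for all drive types.
    print("CD-ROM AutoRun blocked with 0xFF:", autorun_blocked(0xFF, DRIVE_CDROM))
```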

#80
pixillated
Member, Topic Starter, 86 posts
hi jwang01; urgh. a few problems. i downloaded all that stuff onto my limited account and because i have passwords on all my accounts, even the limited one, i guess i can't access that desktop from either admin account! i found this out after i wiped out the java and adobe. duh! when i used not to use passwords i never encountered this so i am kinda not too swift at figuring it all out.

i am using an emachine T4060; however the recovery disks are from a slightly newer emachine i no longer have; W3052. at least i think it's newer cuz the cds are from a later date. i think i told you in an earlier post that the other ones installed a corrupt os so i had no choice but to use these disks. i now have no java. maybe if i delete the password from my limited account, i will be able to see those downloads from the admin.(owner) account on my regular desktop. if not, i plan to come back here in safe mode and get the downloads and try again.

about the user account thing: perhaps i should have just made a limited account and then went into safe mode and then the owner account woulda shown up there, but since the owner admin. account showed up on my regular desktop, it seemed the only way i could change it was to make another admin. account (at least that's what the tutorial said to do.) but no matter what i did, i couldn't change that account to limited or delete it. i made another admin. account on the normal desktop and then renamed the owner account and changed it to a limited account. ugh - i prolly over-complicated things as usual! if i need to undo that, let me know. :)

also, i have net framework 1.1 and i noticed that microsoft update (not high priority update) had a newer patch/upgrade to like 3.+ for that, which i think has some security fixes. should i go ahead and install that from the manual updates?

all the programs i have been downloading so far have the setup files on my desktop (plus they're in the download folder on opera (which i love as a browser; thanks!). should i go ahead and just delete all of the setup files, once i have the programs installed?

i also love avira; thank you for turning me onto it.

should i have an anti spyware/anti malware program now? what is your favorite? should it have realtime capabilities or is that not necessary because of avira?

thanks! sorry i have so many questions! if there are tutorials on this stuff i would be glad to read them. there seems to be so much to learn, just in order to do things right and safely and in the correct order!

Edited by pixillated, 02 May 2010 - 12:10 AM.

  • 0

#81
jwang01
Trusted Helper, Malware Removal, 2,567 posts
Hello,


hi jwang01; urgh. a few problems. i downloaded all that stuff onto my limited account and because i have passwords on all my accounts, even the limited one, i guess i can't access that desktop from either admin account! i found this out after i wiped out the java and adobe. duh! when i used not to use passwords i never encountered this so i am kinda not too swift at figuring it all out.

You should download those things in an admin account and run them from there. :)


about the user account thing: perhaps i should have just made a limited account and then went into safe mode and then the owner account woulda shown up there, but since the owner admin. account showed up on my regular desktop, it seemed the only way i could change it was to make another admin. account (at least that's what the tutorial said to do.) but no matter what i did, i couldn't change that account to limited or delete it. i made another admin. account on the normal desktop and then renamed the owner account and changed it to a limited account. ugh - i prolly over-complicated things as usual! if i need to undo that, let me know.

That should be ok. But you will need at least one admin account. :)


also, i have net framework 1.1 and i noticed that microsoft update (not high priority update) had a newer patch/upgrade to like 3.+ for that, which i think has some security fixes. should i go ahead and install that from the manual updates?

Yes, you can go ahead and do that.


all the programs i have been downloading so far have the setup files on my desktop (plus they're in the download folder on opera (which i love as a browser; thanks!). should i go ahead and just delete all of the setup files, once i have the programs installed?

Yes, once everything is installed, those setup files are no longer needed.


should i have an anti spyware/anti malware program now? what is your favorite? should it have realtime capabilities or is that not necessary because of avira?

You can have one Anti-Spyware program that runs in Real Time along with Avira. SuperAntiSpyware is a good Real Time Anti-spyware program.



Also, please download This file and run the application. Let me know if that gets rid of those yellow marks in the device manager. :)
  • 0

#82
pixillated
Member, Topic Starter, 86 posts

That should be ok. But you will need at least one admin account. :)


i have two, and it seems i MUST have an admin. account on my regular desktop. i am not given a choice not to.


You can have one Anti-Spyware program that runs in Real Time along with Avira. SuperAntiSpyware is a good Real Time Anti-spyware program.


are there others? tried sas and not sure i liked it; it seemed invasive but maybe i just did not know how to set it up. guess i could try it again. and if realtime anti spyware is not needed, what is the best freeware anti spyware/anti malware program out there?



Also, please download This file and run the application. Let me know if that gets rid of those yellow marks in the device manager. :)


nope. would not download. but maybe i did the wrong download or file. it was very slow and hung... finally let me click 'download' after i opened a new window, and i saved it to desktop, followed the wizard several times but it would not extract, and i kept getting this message: Requires a supported chipset platform running on a supported operating system. check system requirements of the README.TXT for more info. the instructions look complicated and i didn't wanna try anything. maybe i was just supposed to run it and not save? i will try that and report back if i have success.

in case you need this info. my processor is intel ® Celeron ® D CPU 3.33 GHz. i am using XP home ed, S.P.3

about java and adobe: should i be getting automatic updates from them? if not, how do i stop that?

command (bios) screen still flashes every time i boot up or update my a.v. program or download or install anything.

would now be a good time to install and run the norton removal tool to clean up the rest of the files in C: program files? it seems that is another place where program files leave their old files.

thanks so much!
  • 0

#83
pixillated
Member, Topic Starter, 86 posts

That should be ok. But you will need at least one admin account. :)


i have two, and it seems i MUST have an admin. account on my regular desktop. i am not given a choice not to.


You can have one Anti-Spyware program that runs in Real Time along with Avira. SuperAntiSpyware is a good Real Time Anti-spyware program.


are there others? tried sas and not sure i liked it; it seemed invasive but maybe i just did not know how to set it up. guess i could try it again. and if realtime anti spyware is not needed, what is the best freeware anti spyware/anti malware program out there?



Also, please download This file and run the application. Let me know if that gets rid of those yellow marks in the device manager. :)


nope. would not download. but maybe i did the wrong download or file. it was very slow and hung... finally let me click 'download' after i opened a new window, and i saved it to desktop, followed the wizard several times but it would not extract, and i kept getting this message: Requires a supported chipset platform running on a supported operating system. check system requirements of the README.TXT for more info. the instructions look complicated and i didn't wanna try anything. maybe i was just supposed to run it and not save? i will try that and report back if i have success. tried just running; same message and no success. not sure what is going on. yellow exclamation marks still there too.

in case you need this info. my processor is intel ® Celeron ® D CPU 3.33 GHz. i am using XP home ed, S.P.3

about java and adobe: should i be getting automatic updates from them? if not, how do i stop that?

command (bios) screen still flashes every time i boot up or update my a.v. program or download or install anything.

would now be a good time to install and run the norton removal tool to clean up the rest of the files in C: program files? it seems that is another place where program files leave their old files.

thanks so much!


  • 0

#84
jwang01
Trusted Helper, Malware Removal, 2,567 posts
Hello,


are there others? tried sas and not sure i liked it; it seemed invasive but maybe i just did not know how to set it up. guess i could try it again. and if realtime anti spyware is not needed, what is the best freeware anti spyware/anti malware program out there?

Yes there are other free real time anti-spyware scanners. Ad-Aware is another one you could try. MBAM is a good on demand scanner to have on your computer. The free version does not scan in real time, but a good program to have.


nope. would not download. but maybe i did the wrong download or file. it was very slow and hung... finally let me click 'download' after i opened a new window, and i saved it to desktop, followed the wizard several times but it would not extract, and i kept getting this message: Requires a supported chipset platform running on a supported operating system. check system requirements of the README.TXT for more info. the instructions look complicated and i didn't wanna try anything. maybe i was just supposed to run it and not save? i will try that and report back if i have success. tried just running; same message and no success. not sure what is going on. yellow exclamation marks still there too.

in case you need this info. my processor is intel ® Celeron ® D CPU 3.33 GHz. i am using XP home ed, S.P.3

Ok, let me know if you got it to work. :)



about java and adobe: should i be getting automatic updates from them? if not, how do i stop that?

Those programs should let you know if there are updates available. It's a good idea to have those programs let you know when updates are available.


command (bios) screen still flashes every time i boot up or update my a.v. program or download or install anything.

The black box you're talking about is the command prompt window. I'm still not sure why it's doing that, but let me do a little research on that a bit more. It may be that using the different recovery disks is creating some unusual things. But I will get back to you on this. :)


would now be a good time to install and run the norton removal tool to clean up the rest of the files in C: program files? it seems that is another place where program files leave their old files

Yes go ahead and run that removal tool. :)

Edited by jwang01, 03 May 2010 - 12:08 PM.

  • 0

#85
pixillated
Member, Topic Starter, 86 posts

Ok, let me know if you got it to work. :)


it won't work no matter what i do. i suppose i could go into device manager; it gives an option to install or update drivers for these 3 things... but what ARE they? do i need them or not, is what i wonder. did windows put them there? if not, maybe i don't want them anyhow!

It's a good idea to have those programs let you know when updates are available.


i guess what i meant is, if it notifies me from the system tray to 'click here' and then it takes me to the download site which LOOKS official, can i trust downloading updates from there? (will clicking on it lead me to the safe official site?)


The black box you're talking about is the command prompt window. I'm still not sure why it's doing that, but let me do a little research on that a bit more. It may be that using the different recovery disks is creating some unusual things. But I will get back to you on this. :)


i'm afraid that as of tonight, my news is not so good! things are starting to get weird again with the computer; glitchy. things don't work. services are stopped and i am having trouble restarting them.

it took me half an hour of fiddling to get an internet connection. my avira guard kept getting turned off! i did a connectivity diagnostic and the isp and subnet were different than mine; lots different! i couldn't change my LAN settings so i went into start>run>ipconfig and got the black screen that flashed and would not (as usual) let me read it. so i was unable to reconfigure my isp and subnet mask.

no the command prompt screen flashing is not caused by the recovery disks. the command prompt screen flashed randomly when i got this infection or whateveritis, and did it with the other recovery disks too. that's why i think it's baaaaaaack, or it never even left.

i'm not feeling hopeful. this thing is taking over again. computer got real slow last night. hung while trying to load that file. hung while i did that windows net update thing; maybe i should roll back to the original driver for that. but i don't think it has anything to do with that. it's that damned command prompt thing again.

avira keeps showing no virus found, but i do keep getting 1 warning, and i'm unconvinced about there being no infection. it's just smarter than avira. their reports are kinda confusing to try to read or figure out.

if this thing attacks my a.v. program - turns off the guard and shuts down internet updates and general internet again, i think i am ready to give up on this computer or at least the hard drive. two months of dealing with this is enough, and there will be no way to download diagnostic or removal tools from the library.

i am kinda hating this e machine at this point. without the original windows install disk (which does not come with an e machine) i think i'm pretty screwed, because i think i just keep reintroducing the virus or pe infector or whatever it is; and that even with destructive reformats, it copies the same infected files onto the same infected partition.

it sure seems that my computer is behaving like it's being remotely controlled somehow - again. the user profile thing is all screwed up again. i have limited permissions as administrator on either admin. account. if it all goes the same, i soon will be able to do little to nothing as admin. anymore. then files start disappearing and windows installer goes next, the taskbar disappears, it takes a looooong time to boot, etc etc.

i'm going to go enjoy my last night of catching up on 'lost'. :)

oh... should i have something called 'recycler' on this computer? isn't that a malware thing?

um... i've got a really busy week right through the weekend as far as getting much time at the library goes, but will try to come online here at home tomorrow night if i can get internet. if not, i'll let you know from the library in the next coupla days.

thanks, jwang01! sorry such a long post. feeling very discouraged.


EDIT may 4, a.m.

i got on i-net this morning. ran a malwarebytes full scan. found trojan.agent in a registry key. now mbam will not let me update.

i think whateveritis won't let me get rid of the admin. account on my regular desktop because it is using it to change settings and stuff. just a guess but it happens this way every time. back tonight if i can get on.

wondering if i should unplug modem every time i am off of the computer.

Edited by jwang01, 04 May 2010 - 12:01 PM.
Removed color

  • 0



#86
jwang01
Trusted Helper, Malware Removal, 2,567 posts
Hello,

I'm sorry to hear everything is coming back again.


i guess what i meant is, if it notifies me from the system tray to 'click here' and then it takes me to the download site which LOOKS official, can i trust downloading updates from there? (will clicking on it lead me to the safe official site?)

Yes, it should bring you to the official site.


oh... should i have something called 'recycler' on this computer? isn't that a malware thing?

That is normal.


Did those recovery CDs come with the computer, or were they made later on?


I have to say I'm running out of ideas here. Some of the other experts here gave out one more idea to do another type of reformat that involves wiping out the entire drive instead of just reformatting. But it's up to you whether you would like to try it or not. Let me know what you would like to do.
  • 0

#87
pixillated
Member, Topic Starter, 86 posts
hi jwang01;

the recovery cds came with the computer.


what other kind of reformat would we do that would be any different, with only the recovery cds? i thought a destructive format did wipe the drive, but someone told me that without the original install cd, it copies windows files from one place to another, so no wonder i keep being infected.

i'm interested, if you have the time; i'd at least like to know more about it and what is involved.

perhaps if i buy a new hard drive and maybe buy a windows xp cd on ebay or something, that would be simplest.

do what's best for you; if you need to move on and help someone else. i understand. maybe this problem is just not solvable.

Edited by pixillated, 06 May 2010 - 12:28 AM.

  • 0

#88
jwang01
Trusted Helper, Malware Removal, 2,567 posts
Hello,


The other type of reformat is to write zeros to the entire hard drive instead of just repartitioning it. However, it looks like your computer may use a recovery partition that is located on the hard drive (D: drive) and writing zeros to the drive would also wipe that out, so your recovery cd may not work. I'm trying to get some more info on that right now. I would hate to have you do this and not be able to put Windows on it. I would also have you reset your BIOS.


Buying a new hard drive along with a Windows CD should fix your problem as well but will cost a bit.
  • 0

#89
pixillated
Member, Topic Starter, 86 posts
yeah, that is a problem, the cost of windows. hmmm.... i wouldn't mind getting rid of that d partition anyhow. but i'd want to know if the recovery cds would still work before doing that. is there any way we can find out?

also, what do you know about programs such as 'disk kill'? :)

at least the avira is helping me this time. usually the computer is completely down by now. :) it keeps blocking access to that autorun D:/inf.

heck, i've kinda got nothing to lose at this point, except more time. i still prolly need a windows install xp though.

if you don't mind keeping this thread open a bit longer, i'd like to think about it for a few days. i am crazy busy with rehearsals and performances thru the weekend, so may be a bit scarce. after that i will have more time to devote to things, should we proceed with the big wipe.

and, thanks, jwang01.
  • 0

#90
jwang01
Trusted Helper, Malware Removal, 2,567 posts
Hello,

also, what do you know about programs such as 'disk kill'?

I actually just found out about those programs, and we might use a program like it if we decide to go that course. :)



if you don't mind keeping this thread open a bit longer, i'd like to think about it for a few days. i am crazy busy with rehearsals and performances thru the weekend, so may be a bit scarce. after that i will have more time to devote to things, should we proceed with the big wipe.

Sounds good to me. :)
  • 0





