Everything posted by AnnieMS

  1. Thanks puntoMX, I downloaded memtest86 and may or may not be able to run it. The USB keyboard didn't work today in any of the usb slots - had to dig out the PS/2. The malware scan was set to just scan - not fix - and no definite infected files were found. There was a suspected trojan and some suspected pictureframe somethings that I thought were probable false positives. The blue screen the next day could have just been coincidental. After I got back into windows symantec and spybot scans were negative. First I was trying to figure out why hal would disappear and still be reported missing after I copied a new hal from the winxp install cd and did a boot.ini rebuild and why the system restore via recovery console got me back into windows but w/ a lot of missing device drivers and a disabled ACPI. I was wondering about multiple files corruption and a disk going bad. I was also wondering about a bad mobo 'cause on all the repeated reboots trying to get back into windows I noted a lot of "keyboard failures" but the keyboard worked. But then I found an update listed for the chipset to resolve a keyboard failure problem. Then I get mobo memory failures reported on a test outside the needs-to-be-reinstalled OS and today usb wasn't working in what I thought was the 16 bit pre winxp environment. But it could all be just wonky windows. I looked carefully at the mobo with my don't-know-what-I'm-looking-at eyes and didn't see any electronic parts that looked burnt or corroded. I wanted to do the re-seat memory dimms thing, but they are under too many unknown cables and Dell doesn't provide the info necessary or I can't find where they provide the info. I'm going to try to reinstall the OS and if that goes OK I'll see how stable the system is after and run memtest 86. If the mobo is bad I'm unlikely to replace it - all I could find googling was expensive refurbished ones for the 380. If it's still good I'd like to add more memory.
  2. Dell 380 workstation, 3 GHz P4, 512 RAM, either dual-channel2 DDR2 533MHz ECC registered memory or 667MHz non-ECC DDR; SATA RAID 1, "BIOS controlled" 82801 GR/GH chip [intel 955x chipset]; winxp sp2. I thought I had the ECC memory, but the Dell diagnostic utility providing SMBIOS memory info reported the speed as 667 MHZ, while also reporting a long list of ECC errors. The Problem: I wanted to check out the 380's [c 2005] hardware's condition before adding memory and a decent optical drive to the workstation. I started w/ the windows memory diagnostic test - did the overnight extended test - which found no problems. I then found hal was missing after running a boot virus scan. After replacing hal and doing a system restore via recovery console ACPI I could boot again, but a lot of device drivers seemed to have disappeared, ACPI was disabled and APM was being used. While gathering info on another computer to do a reformat/non-RAID 1 OS install using the dell install cd, I was running the dell hardware diagnostics from the utility partition - win98 or a version of win98 loads. The dell diagnostic reported that the memory data bus stress test failed. One of the tests failed was a MATS. There was also a long list of ECC errors for system memory. I reran the short Windows Memory Diagnostic Tool test and again no errors were found. One of the tests passed was the windows version of MATS. From my limited understanding of APM & ACPI, I don't think a problem there would affect hardware diagnostics. I was wondering if the WMDT test didn't "stress" the memory data bus. From its description it seems to concentrate on the memory modules. Is the dell diagnostic definitive and indicative of a bad system board?
  3. More confusion before reinstalling. I'm about ready to do the reinstall - I have some idea of how the dell install cd should work. But while I was gathering that info on another computer I ran some tests from the diagnostic partition on the Dell starting w/ the express test. It reported failure of the memory data bus stress test and a long list of ECC errors from system memory. I'm starting a separate post for that in Internal Hardware. Followup re the RAID 1 array. I removed the secondary SATA drive [w/ power off] and connected it to another computer via a SATA to USB adapter and verified that the data was accessible. I then booted up w/ only one drive and the raid 1 configuration in place. I got a message on the initial boot screen that the array was degraded but bootable and the computer booted up per usual. [I ran the above dell diagnostic before removing the sata drive] I'm planning on deleting the array, which will make the system unbootable, going into setup and turning RAID off and then booting/installing from the installation cd.
  4. OK, I'm clear that I'm not trying to fix the manual turn off thru the BIOS or chipset [Finally! you say] - I'm doing it w/ a reformat/ reinstall. Thankfully, I will leave the BIOS alone for now. I'm not clear on the power ACPI/APM/LegacySelect ramifications since it should be in the BIOS, which is pre-OS, and isn't. I found this additional info googling So LegacySelect is a pre-os option I guess configurable thru the BIOS set up program tho I'm going to try and find that setup & quick reference guide. So maybe there's a ROM chip somewhere that the BIOS reads... but it looks to me that some of the options in BIOS are the LegacySelect. ACPI puts all power management into the hands of the OS and APM "talks" to the BIOS so I thought LegacySelect = APM. But maybe the LegacySelect configurations are "reported" to the OS thru FFH or AML and then the OS takes over. The bottom line for me is: is there a ROM or BIOS button that got turned on that I should turn off. But it seems unlikely to me that Dell would offer an option that rolls back the clock to APM so I think maybe LegacySelect is those options in the BIOS setup and I still have no explanation for why ACPI got turned off but a good old reinstall should fix it. The RAID 1 is a "BIOS controlled" chipset thing. As I understand/guess from what I read, you enable it in the BIOS [and either Dell has the wrong BIOS setting on its support page or my BIOS has had the wrong setting for 3 years] and the chipset's firmware loads the RAID 1 during boot and win xp's RAID drivers take over when the processor is switched to 32 bit - or the memory is switched, however you say it. The first thing the screen shows on booting is the two drives listed separately and "ctrl + i to enter raid configuration". You have to hit that quick to get into that utility. I think after that the raid is established. I've been wanting to get rid of that raid 1 since I first got the computer. 
Per Dell deleting the array makes the disc non-bootable and all files inaccessible. Since this is not a true hardware raid, removing one drive may do the same thing. If I knew that for sure I'd go ahead and delete the array and install onto whichever SATA drive is recognized as the "master" - I think that would be the one in slot 0. The os install disc has Dell, not MS, on it but its label is "winxp prof sp2" in my computer and I've run recovery console from it and expanded hal from it. It has i386 and value added. It also has a $OEM$ folder. I sincerely hope it will allow me to do a non-RAID installation.
  5. Thanks GrofLuigi, I'm confused about what I am doing. Am I reinstalling the original BIOS programming [?flashing] or installing the chipset update before attempting anything in Device Manager? Are BIOS ACPI, APM & LegacySelect options I'll see in the process? Currently there is nothing in BIOS settings or the first information page that says ACPI, APM or Legacy Select. I've only read about LegacySelect at Dell Support. I've never seen any settings for it. Am I supposed to do a reformat/reinstall of the OS & Dell drivers first? I was planning to take down the RAID before reformat/reinstalling the OS. I wanted to remove a drive before deleting the array because theoretically it'll still have my data if I forgot anything - like the supercat catalog in c:\program files\supercat I almost forgot. I did a drag and drop bu of my personal folders and known back ups in %user profiles% because I don't trust any of my backup programs to work after the restore. Even w/ that I had to do some of it folder by folder because I'd get a message "can't move file" and the copying would stop. So I didn't try to just backup everything. On the Dell Drivers site I only see updates - no original BIOS flash program or Dell drivers. I think I get any originals/updates for the CMOS flash program from Dell. My BIOS version is Dell, Inc. A02, 5/24/05. I've never flashed a BIOS. The BIOS update WS380A09.EXE "improves OROM Initialization", which per Wikipedia didn't sound ACPI/APM related. I do eventually need to install one of the chipset updates because I've got the keyboard sx's described. I still have the OS installation disc and a separate drivers and diagnostics cd and both are recognized by my optical drive. Per the .chm file on the D&D cd I can do a search for specific drivers. The cd doesn't autorun so I guess I run the .exe file in the cd's root directory - then there is supposed to be a search function in whatever program runs. I also have a 3rd cd w/ the flat panels' drivers. 
Current BIOS Settings: In Power Management I have options for AC Recovery [Off], Auto Power On [Off], Auto Power Time, Low Power Mode [Off], Remote Wake Up [Off], Suspend Mode = 3 [system conserves more power when not in use]. In Performance I have Hyperthreading [On]; Speedstep [Off] & HDD Acoustic Level [bypass]. Onboard Devices has settings for Integrated NIC, Audio, USB Controller, LPT & Serial Ports, & PS/2 Mouse. Post behavior has settings for fast boot, numlock key, post hotkeys, & report keyboard errors. The other sections - Drives, SATA setting, Security etc. don't seem likely places and I don't see anything related to power in any of them.
  6. Thanks GrofLuigi, The dell is backing up and I should have it done this afternoon. It doesn't matter if ACPI is changed in the BIOS after the OS is installed - because the OS will ignore the BIOS setting for its own acpi setting once it loads? So what I do is install the drivers for acpi in device manager? Have the winxp OS install disc in the drive and let Windows search the disk, the disc & for updated drivers via internet? Disable APM first? Or see If windows can find the acpi drivers and then disable apm? From what I could understand - guess really - I think APM vs ACPI is required for LegacySelect. APM has a "layered" [Wikipedia] approach pertaining to device drivers that allows administrators to turn off serial, parallel etc legacy hardware that I don't think ACPI has. The dell 380 is a workstation meant for businesses and in that setting APM may have advantages over ACPI. But I have no idea how APM got enabled. I'll have to see if I can find more on LegacySelect and see how it gets selected. I don't think the dell ever got the BIOS update [improve OROM Initialization] since it was released 2/2/07. It should have gotten the Intel Chipset Software Installation Utility released on 4/14/2006, but I can't be sure it did. So after I hopefully get acpi enabled and apm disabled I should do the BIOS and chipset updates?
  7. Thanks to everyone, This will help me get caught up w/ the rest of the world. The emoticon pages I found on search had sort of different meanings for the same emoticon and didn't give me the context or connotation - more like one word definitions. I've bookmarked the free dictionary. I've seen people use : + ) to indicate a smile rather than generate an emoticon, but in previewing this reply I see it works as code in a post. I get the emoticon rather than the letters unless I use the code brackets. But then everything else I type ends up in code altho I can see the end code bracket. Does msfn prefer we only use those emoticons provided/actually limit the emoticons allowed in posts in this forum? If I type in a code for one you don't have would it work? But would you prefer I didn't? You've got most of the ones I need - rant, embarrassed, confused, really confused, paranoid, shocked and I really like woot. The only one missing is bowing to a replier's wisdom. Some people might find that offensive, I guess. Thumbs up just isn't enough - it doesn't have the gratitude and awe factor. And an old geezer/old lady one would be nice for when I feel really old. Some others might like to have the rant emoticon w/ the off lever to give me a gentle hint. Since I'm new to emoticons I do want to use too many, but I've been holding myself back - until this post. I'll be good now. Well, I plan to be good now. ahead of the rest of my reply. ????
  8. Thanks Coffefiend, I started reading about eSata. Things may have changed, but per my reading computers weren't coming out w/ eSata ports either - just USB. And if I could just go out and buy new computers, my youngest wouldn't be from 2005. I may, however, have to come up w/ the $ for a new computer soon, in which case I will insist on an eSata port. Though I don't know if I can afford any eSata drives. I read that you could easily make an external SATA port by pulling an unused SATA cable forward, but I don't think that makes a true eSata port. Maybe the extra shielding, whatever else are only necessary for the external drive & cable, but I think they might be necessary inside depending on how far you had to run the cable, how tight things were inside and what you went past - more reading. I do have one computer w/ Sata drives & cables. Everything else is Pata. So eSata won't help me much. USB 3 or s800 might with external enclosures depending on if I have PCI-e ports where necessary and what, if anything besides an s800 card, s800 wants. Being integrated on the mobo may make eSata become popular while firewire was doomed at birth because Apple insisted on a high royalty fee for use just when usb 2 became available. So 1394 didn't get integrated on pc mobo's. On the other hand, for those of us w/ older computers, not requiring mobo support might have been used as an advantage when s800 became available. Vista made people hold onto their winxp computers. Win 7 may have those that can buying new computers w/ eSata support & USB 3. I've read some articles about firewire technical problems, but they were over my head so I don't know how they compare w/ USB, eSata and whether firewire's future will be limited by technical or simply economic factors. Others have had bad experiences w/ 1394 [program & computer freezes]. Mine have all been positive. I've seen different numbers than you apparently have for usb 3 max vs eSata vs firewire. 
I didn't look at it closely since future max isn't my interest at the moment. I'll look more carefully next time I come across comparisons. Thanks bonestonne, I understand backward compatibility. I understand that an s800 device requires an s800 pci card to run at s800 and that an s800 device will run at s400 when using a s400 pci card. What I don't understand is buses and if there are requirements beyond the 800 pci card. I thought an s400 or s800 device would have to travel over the pci "bus" to get to the pci card. Will it run the same on the pci protocol of a 2002 computer [a parallel bus] as on pci-e, a serial bus? If I understood buses, I wouldn't have to ask the question. Anyway, I've found a post at MyCE that addresses some of my questions and will help me know what questions to google. Thanks to all for your input.
  9. I'm new to emoticons and not up on slang - for any generation, including my own. What is Woot? What is this guy saying? Are both of these little people confused, one worse than the other? Is this a wink? Is this a wince? I came in late to the game and I don't know the score.
  10. Thanks Grofluigi & Videoripper, My new external hdd came so I'll back up everything to it as soon as I partition/format the new drive. I've been trying for months to back up my data via optical media and finally got some discs burned and then the system restore and I'm back to Nero crashing or "failure to burn" = coasters. I kinda thought if it was a standard/APM computer it wouldn't have ACPI listed whether or not it had drivers installed. My only guess was that RAID 1 doesn't do ACPI so the ACPI was disabled but installed. If ACPI & standard are incompatible how did ACPI get listed or how did standard get its drivers installed and enabled by a system restore? Is there some sort of self-repair mechanism that BIOS, hal or Windows has that would do that? It was a recent restore and yet things like my scanner and camera drivers that have been on there since forever had to be reinstalled. Does that suggest a switch from acpi to apm or just a messed-up restore? My computer is the Dell 380 precision workstation, but it could be configured w/ different processors, etc. Mine has the hyperthreading, 3GHz P4 [not the dual core option] & 512 memory, I think the DDR2 533MHz ECC option. I tried letting dell analyze my system and tell me what memory I had [I want to add memory], but you have to use IE, which I did, and it didn't work. The Dell mobo is 0G9322. I'm pretty sure the chipset is the 955X [Lakeport] - I don't think there were other chipset options. The RAID controller is 82801GR/GH per device manager. I've been trying to figure out if my computer should be standard or ACPI. My much older Sony laptop [2002] is ACPI so I would think the dell from 2005 would be also. dell doesn't provide a mobo manual & I don't see it in any of my specs sheets. It may be on their web "manual" or in the specs sheets and I just don't get it. All I could find under Advanced Features was Does this mean the setting should be Standard and I should uninstall the non-working ACPI? 
Or did LegacySelect get turned on by accident? As per Videoripper, the first thing I need to do is save my data. Then I'd like to try installing the chipset drivers/figuring out the acpi/apm problem. Since I want to take down the raid 1 I have to do a reformat/reinstall anyway, but first if possible I'd like to figure out what went wrong or at least what is wrong now.
  11. Thanks everyone for reading & replying. I want to run firewire at 800. I know I need to get new pci cards to do so. My new ext hd has S800 and I'm going to have to get a new external optical drive and they had some firewires when I started price checking [or I could get an enclosure w/ firewire + usb] and I'm wondering if I would get the benefits of 800 on my old computers daisy chaining the ext hdd to the ext optical drive. I found the articles I've read on firewire confusing as to how it interacts/is influenced by/depends on the computer's other hardware - like pci, cpu. The PCI card could only communicate at the highest level of the PCI bus, but I don't know how much communication would be between the devices themselves via cable if I was burning to the optical drive files from the ext hdd. Right now I'm just trying to determine how and to what extent the internal computer hardware affects how firewire PCI & PC cards & devices communicate with each other. Supposedly two computers can share a firewire device, but I don't have desk room at the moment to try that out or brain room either. My comparison of firewire to scsi is that both daisy chain and I understood that is because to a certain extent their controllers talk to each other whereas USB's talk to the host controller(s) on the mobo and I seem to remember that scsi's were faster because they were less cpu dependent than ide's because of their extra controller or whatever the card was called vs the on disk controller or whatever it's called. [I've never used scsi -$$ - just read about it which isn't the same thing as experience]. I don't know if firewire using a pci card rather than being chipset controlled equates to any significant differences between firewire & usb or if their differences all result from their different architecture. Back when I configured my first "modern" computer [post win 3.1/98] USB 2 was just coming out. 
"They" slipped some usb 1.1's into the compuzone computer despite my all usb 2 specs, so I was glad to have my 1394. My next computer was a Sony VAIO that still had usb 1.1 so I was glad to have my 1394 on it. Back in 2002 I had trouble w/ some USB ports so... Thus far I haven't had any reason to daisy chain my ext hd's, but duh me, I ought to do it and move some files around and see what happens. And if OP is Old Person, you got that right sonny boy/or/young lady. But I never put a SCSI 2 drive on a FAST SCSI 2 controller. eSata might be what I ought to be looking at but I've just started reading on that. I've only got one computer w/ SATA drives and I'd have to put in an eSATA port. eSATA seems to be having some of the same problems firewire did. USB is just easier for the computer manufacturers/sellers.
  12. GrofLuigi I followed the instructions starting at 5e and found the nt apm/legacy support under common hardware and clicked on all the next's to finish. The hardware wizard said the device was installed but it couldn't initialize the device driver and I got the same message about "safe to turn off" when I shut down and had to manually turn the computer off. When I booted up and logged back on nt apm/legacy interface node was now in device manager, but it had a yellow question mark. I checked properties and it says the same thing "cannot initialize drivers for this device code 37" The drive files details window shows green checkmarks next to hal.dll, ntoskrnl.exe, and ntkmipa.exe. I know drivers load before they are initialized, but I haven't been able to find out via googling or topekaing how drivers are initialized. The technet article's advice is to uninstall the driver, and then Scan for hardware changes to reinstall or upgrade the driver, but I don't think I'll try that on my own. The advice wasn't specific to apm. I can't see anything in the BIOS about apm or acpi. Videoripper, I have no idea how to reinstall the mobo's chip drivers. Do you do that via device manager > view hidden devices > system and that list of Intel etc's? I don't see anything related to power, and again, I don't want to experiment w/ chip set drivers at my level of knowledge. Uninstalling/reinstalling the cdrom via device manager is about my level.
  13. Thanks to Yannis Cheras for asking the question and to everyone else for thorough answers w/ that little bit of extra info that helps the learning process for future situations. I've been trying to figure this out for ages. I'd got most of them, a lot w/ the help of Blackviper, but I wasn't 100% sure of all of them.
  14. I like firewire and I'd like to start upgrading to S800 where possible. But I can't find the right articles to read to get a better idea how it works. I understand that it's not integrated on the motherboard and from the articles I read it seems sort of like scsi in that it has its own controllers - well ide's do too. I don't know what to call them, but the scsi's "controllers" do more of their own processor-type work. And firewire seems sort of similar but only sort of. Do I need to check that the processor and/or mb supports S800? Is there a guide somewhere to check what processor speeds and other system component specs are necessary to get benefit from an S800 upgrade?
  15. Thanks everyone, I'll try starting from 5e. There were so many layers to that article I got confused. After my long experience w/ win3.1 it sort of seemed normal to see the message "it is now safe to turn off the computer" - but it is a pain. I'm planning on reinstalling/reformatting, but I'm trying to get my data backed up to cd before starting that. Only windows + optical burning has always been unreliable and it's being uncooperative and nero's not helping. I snarl and rant whenever I read "and backup up your data" before doing this or that. Ha! Have I got stories to tell! Last time I reformatted/reinstalled the dell [well, mostly I watched] and backed up to the ext hd, when I went to put back my data the external was just dead. And the blinkin company didn't stock controllers. If I hadn't had priority stuff on dvd's I'd have lost all. I think flash drives are very reliable and this time of year is a good time to look. Last time I checked it was still too expensive for me to use as backup, but I think I'll check again just in case prices have dropped dramatically for some reason. I also need to run hardware tests before I proceed and read a lot of stuff because I want to take down the raid and buy/install a decent optical burner and maybe switch from 1394 to s800. But not if the mb, processor, hds have problems. Unfortunately, I'm slow. But I can try to get the computer to turn off by reading that article again and starting at 5e.
  16. Thanks cluberti & Tripredacus, I'll add my 2 cents when I think it's at least worth 2 cents.
  17. Thanks iamtheky for the link. I checked device manager and both ACPI processor and Standard were listed. ACPI was disabled w/ no drivers installed. Standard was working ok. Under plug n play w/ hidden devices checked neither ACPI driver nor nt apm/legacy support were listed. I didn't spot anything in the BIOS relating to acpi or apm and there was nothing in my handwritten notes on the BIOS settings done long time back. The dell 380 has a hyperthreading, 3ghz pentium 4. I thought it was acpi capable, but it's not listed in my dell 380 info table. I'll have to dig thru notes. The dell also has a raid 1. I've come across a couple of things I wouldn't expect that don't coexist w/ raid 1. Don't know if acpi was one. I'm intending to take down the raid and reformat/reinstall as soon as I can get all the preliminaries done. Since figuring this shut down looks time-intensive, I'm just going to turn off the computer manually in the meantime. I think it was windows for workgroups 3.1 I was thinking of as far as configuring for automatic vs manual shutdown. At least, I remembered that I edited autoexec.bat to automatically boot into windows from dos and I think you could configure somewhere so that when you exited windows the computer turned off. That automatic turn off might have been win98, but I spent most of my short time w/ win98 in dos trying to get into windows.
  18. I saw a post today that I know something about [it was what network services are necessary for home networking], but I didn't want to delay an expert's response if I replied. I would begin my reply by stating that I'm a newbie and that he/she needs to wait for an expert to have confidence in the info provided, but I'm not sure how the question/need help posts are shared/flagged/directed to the experts. Should I wait to add my 2 cents until I see that an expert has replied?
  19. I had to do a system restore via recovery console for a refusal to boot into windows for a "missing hal". Now when I shut down I get a message that I can turn off the computer rather than an automatic shutoff. I seem to remember from years ago there was a place to choose automatic vs manual turn off [who knows what windows os that was]. Is there a place in Windows XP where I can choose automatic vs manual turn off? I don't know if it's related, but during the trial and error to get windows to boot one of the things I tried first was rebuilding the boot.ini, which has left me w/ two lines under {operating systems} in the boot.ini file where before there was one. Both point to the same boot partition, but I get a boot menu choice on start up.
  20. I have word xp sp3 on a thinkpad x41 w/ winxp sp3 & 1.5 GB RAM. Networked to 1 win 2k & 1 win xp computer both w/ word 2003. I've been troubleshooting the thinkpad since day 1 for slow performance and explorer/journal crashes. It went back to lenovo and came back more stable and slightly less slow. When I first installed word xp on the thinkpad it behaved like word 97-word 2003 has on all my computers - win2k & winxp. After x amount of time being open on certain days when working w/ several documents or a large document it crashed. But until it decided to crash it handled graphics ok. Then it started crashing if I went to group objects or edit a wmf pic even when it was the first and only app opened after booting into windows. Performance troubleshooting of the thinkpad was interrupted by imminent hdd failure and I've now replaced the hdd, reinstalled and updated winxp tab ed & word, but word is behaving exactly like it did before the hdd replacement. I use word's customization features extensively - my normal.dot has a lot of macros, my toolbars are extensively customized [I'm careful to backup normal.dot] - and I do have some 10-15 MB docs [Word limit 32 MB]. I was thinking of trying word 2003 on the tablet, and if it seemed to handle graphics and crash less of purchasing a license. I was surprised how $$ word 2003 still is in my preliminary searches. I thought of trying Office 97, but it's not compatible w/ 2003 and all my word docs have to be able to be opened, edited & saved on all three computers. Does anyone have any opinions on whether word 2003 is better than word xp or better than word xp on win xp?
  21. Thanks submix8c, Currently I can get from any computer to any computer and I can copy/move files between all three, but I've found that I can't copy a folder from computer 1 to computer 2 and then from 2 to 3 or I'll get the credentials conflict message. But I can create a folder on the 3rd computer and copy all the files over from 2 that I copied from 1 w/out problem. If it stops working I'll create new accounts or rename an account so that I have 3 accounts w/ the same UN & PW on all three computers and added to Share Permissions. I don't know why it's working since two of the accounts I use to go between computers aren't shared by those computers, the username is different on the accounts that have the same pw. It's like I'm logging in locally. And I don't get why the logon box shows up on some connections and not others. I have everyone off any shares on the win2k computer - been doing that since 2002 since win2k's everyone includes unauthenticated users. I don't really use groups since my users are all me and only me. My intended setup was to have an extra administrator account as advised [and make that the recovery agent for using encryption] and a power user account to use for daily work as advised on all computers and to have all document folders accessible by me [and only by me] from whatever account I logged into on whatever computer. So on my win2k shared folders I added all my user accounts to share and security permissions and gave them all full control, left system and creator owner and removed everyone and any other groups. WinXP is a bit different and I read some conflicting stuff that made me hesitate to remove the everyone group. As I understand it, on both win2k & winxp deny takes precedence over permit, so you don't deny everyone - especially from c:\. But removing the everyone group from folders isn't a deny - at least not on win2k - it's just a lack of privileges. 
Since user privileges = highest of user + group privileges, I can just have the users themselves on the folders - plus system. The Shared Folders function/applet/whatever in Administrative Tools is nice & convenient when I remember it's there - esp when I can remember its run command [fsmgmt.msc]
  22. Edit: Per Ref 1 "Removing the NetBIOS transport" [i.e. disabling "NetBIOS over TCP/IP"] removes NetBIOS broadcast as a means of name resolution. To disable NetBIOS over TCP/IP in win2k & winxp you apparently have to network without using name resolution via broadcasting. I don't know what type of windows networking has that option, but peer to peer windows doesn't. Back in 2002 when I was trying to set up an all win2k prof network, there were multiple articles about "NetBIOS over TCP/IP", also called NtBT, being a big security risk. Articles were pretty unanimous & vehement about not using NtBT and uninstalling NetBEUI if you connected to the internet and had TCP/IP installed. If you had to connect to win95/98 or winnt computers and therefore had to install the NetBEUI protocol, you were supposed to unbind MS Client and File & Printer Sharing from tcp/ip. [I came across one dissenting article on the need for unbinding tcp/ip] Some of these articles were in the context of setting up home networks. In none of the articles was it stated that using windows broadcasting required the use of NetBIOS over TCP/IP. I wish I could locate some of those articles so I could have another go at understanding the nature of the risk of layered SMBs vs directly hosted SMBs. Maybe it's moot now. Unfortunately, MS articles and others are not careful to define what they mean by "NetBIOS" or "NtBT" or to be clear about which networking environment to which they are referring when discussing network configuration. NetBIOS was an early networking protocol by IBM & Sytek that MS added network browsing and other features to make the NetBEUI protocol. Windows computers could intranet just using NetBEUI. In order to communicate w/ the internet TCP/IP protocols had to be added and MS used NetBEUI to layer its SMBs on top of TCP/IP. NetBEUI running on top of TCP/IP was called NtBT and also NetBIOS over TCP/IP. 
Win2k implemented and win2k Ref 2 Ref 3 Putting this and that together and guessing, I don't think it was appreciated back in 2002 that win2k still required NetBEUI over TCP/IP for windows broadcast networking because it was no longer necessary to install the NetBEUI protocol to network win2k computers - you could just install TCP/IP. But an MS article on the Common Internet File System Ref 4 has a diagram that shows the NtBT function native to win2k - I'm thinking NetBEUI is sort of already installed on win2k & winxp. It may be that name resolution via broadcast for win2k/winxp is done via NetBIOS over TCP/IP and file sharing is done via direct hosting. Per Wikipedia, "Since Windows 2000, SMB runs by default directly on top of TCP — a feature known as "direct host SMB" where the server service listens on TCP port 445" Ref 5. I did a portqry -n on my win2k prof computer [client service] file sharing w/ my winxp prof [server service] and the established connection between System on the win2k used UDP ports 137 & 138 to connect to port 139 on the other computer. Per Ref 6 that's NetBIOS over TCP/IP. Meanwhile TCP 445 was listening to remote port 0.0.0.0:2064 [I haven't found out what port 0.0.0.0:2064 is yet] - that's direct hosting. I know both transport methods are enabled on the win2k computer - I did the commands in Ref 1 - but I don't know if direct hosting is ever used. I don't see a way to configure file sharing to use direct hosting - altho there may be a cmd.exe command or registry change or sdk tool - and I don't know if there's any need/advantage to do so. I don't see what all the hoopla about direct hosting was about if broadcast name resolution can't use it and file sharing can but apparently doesn't.
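One way to check which SMB transport is actually carrying sessions, as an added example that is not part of the original post: the sketch reads `netstat -an`-style rows and separates sockets that are only bound or listening from established sessions on the NetBIOS over TCP/IP ports (137, 138, 139) and the direct-host port (445). The sample rows, addresses and the function name are constructed for illustration.

```python
import re

# Ports of the two SMB transports named in the post.
NETBT = {("UDP", 137), ("UDP", 138), ("TCP", 139)}   # NetBIOS over TCP/IP
DIRECT = {("TCP", 445)}                               # direct-hosted SMB

# Constructed sample in `netstat -an` layout (addresses are made up).
SAMPLE = """\
  TCP    0.0.0.0:445          0.0.0.0:2064         LISTENING
  TCP    192.168.1.10:139     0.0.0.0:0            LISTENING
  TCP    192.168.1.10:1045    192.168.1.20:139     ESTABLISHED
  TCP    192.168.1.10:1050    203.0.113.5:80       ESTABLISHED
  UDP    192.168.1.10:137     *:*
  UDP    192.168.1.10:138     *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)(?:\s+(\S+))?\s*$")

def smb_transports(netstat_text):
    """Split SMB-related sockets into bound endpoints and live sessions."""
    report = {name: {"bound": [], "sessions": []} for name in ("netbt", "direct")}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, laddr, lport, raddr, rport, state = m.groups()
        ends = ((int(lport), True), (int(rport) if rport.isdigit() else None, False))
        for port, is_local in ends:
            name = ("netbt" if (proto, port) in NETBT
                    else "direct" if (proto, port) in DIRECT else None)
            if name is None:
                continue
            if state == "ESTABLISHED":
                report[name]["sessions"].append(f"{laddr}:{lport} -> {raddr}:{rport}")
                break
            if is_local:
                # LISTENING TCP or bound UDP: the remote column is a
                # placeholder, not a peer, so only the local port counts.
                report[name]["bound"].append(f"{proto}/{port}")
    return report

if __name__ == "__main__":
    for name, info in smb_transports(SAMPLE).items():
        print(name, info)
```
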
  23. Thanks to all for replying, I thought free avg, avast & bitdefender all had the same engine - by which I mean ability to detect malware - as their paid versions. When I went to replace SEP on my thinkpad at the end of 2008 because a vurunda infection rapidly and totally crippled it [despite religious daily updates and SEP's real-time protection] I found out about rootkits while researching av's so I looked at av's w/ supposed anti-rootkit functions and I checked out those 3. Maybe I misunderstood what I read. I certainly don't want a free version that is less effective at preventing/id'ing malware than its paid version. I don't want one w/ popups either but I do want low system resources. If I try antivir I'll read their license agreement carefully and if there's nothing that says not to, I agree w/ Martin H that I should be able to set file permissions and I'll try the command you provided. That virunda or vurunda or whatever infection was the first infection I ever had. It hit so hard and fast I never found out where it came from. Since 2002 I've browsed the web behind a hardware firewall [router] w/ av & software firewalls & windows kept up to date. I'm careful w/ emails, where and what I download and what I run/install. Downloads always got rightclicked scanned by av & spybot or malwarebytes before being opened/run. Very occasionally an av scan would catch and quarantine/clean a suspected infector. Spybot scans only ever found tracking cookies and since I could configure firefox to delete all cookies on closing that only happened when I was browsing while the scan was running. Since 2002 the malicious threats and type of threats to pc's just keep getting worse. Now w/ the emphasis on financial gain rather than trashing a computer or confounding/embarrassing big business and rootkits being published on the web and snuck onto computers by Sony cds, I'm not sure it's possible to secure one's computer. 
Before, if you obeyed the safety rules you might still get infected if you were unlucky or did something stupid while tired. But if you kept your data backed up, you'd just lose time reformatting and reinstalling. Now, there's the risk of someone having access to the data on your computer without you having a clue. At the time I got hit by the vurunda, I was trying to figure out what performance counters, hardware tests & benchmarks to use on both computers I had running to find out why my windows computers always run so slow and word and paperport are always crashing despite the specs exceeding the requirements. After reading about rootkits I wondered if the slow/poor performance and some of the never-ending list of troubleshooting issues was because there were programs running that windows, av and anti-malware programs couldn't id. I've done a lot of reading trying to determine 1. what was the likelihood that a personal computer like mine had one and 2. how to scan to make sure a rootkit wasn't present and 3. how to set up security for the current threat climate. I haven't been able to determine an answer for 1 or 3. As for 2, per my reading there are 2 kinds of rootkits. One kind can be id'ed by an in system av scan once its signature becomes known, so avg, avast etc ought to be able to detect them. The other requires a scan like rootkitrevealer for detection and that kind of scan requires an expert to read it. I'm hoping that kind is unlikely to be on a home computer. I was looking at panda because their online scanner works on win2k and they have that cloud av that's supposed to be low resource. I didn't see any mention of rootkit detection, tho, either for the online scanner or cloud protection. I thought of them because some of my rootkit research links led to Panda antirootkits for download [still downloadable but not apparently still supported] and they were part of the group that "captured" that Mariposa botnet so I thought they'd be expert on rootkits.
I don't think the cloud has proven as effective as avast & avira, whether or not it includes rootkit scanning.
  24. Thanks Tripredacus, This computer was unused - as in sitting in its satchel and never turned on - between April 2007 and March 2010. The first thing I did when I got it networked to the new router and an internet connection was update Symantec End Point Protection and run a full scan. The google articles in the first search page go from 2008 to 2009, so I'm guessing that's when conficker [they also seem to call it/them downadup] was first noted and prevalent. I'd think Symantec would catch it if it was present. I've downloaded ms malicious software tool and I'm running it. I guess I should post in an Am I Infected forum even if it is also negative.
Edit: It was negative. I double checked the SIDs and they are different from the current accounts on this computer, unlike what I first thought. Also, there is now a 2nd SID in the administrator's %userprofile%\application data\microsoft\protect folder that doesn't match the SID pattern of the user accounts on the Sony or the previous unknowns listed in the security tab's permissions, but it has the same last three numbers as the administrator's SID. I had a computer tech help me back in 2007 reformat & reinstall the desktop & Sony. It's possible he set up an account and then deleted it, but if it was a user account the unknown SIDs should have the same pattern of numbers as the other user accounts and they don't. Another thing I don't get is that all my user accounts on all three computers begin w/ S-1-5-21-x. Yet on the MS article on well-known SIDs the S-1-5-21-x combo appears to only be associated w/ domain accounts.
Edit: On the above web page S-1-5-11 is for Authenticated Users. The msdn article on well-known SIDs associates S-1-5-2 w/ SECURITY_NT_AUTHORITY & S-1-5-2 w/ "Users who log on across a network."
There's obviously something I'm missing about these SIDs because all my local user accounts start w/ S-1-5-21 going by the SIDs found in their %user profile%'s & in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. The unknown SIDs also all start w/ S-1-5-21, so I'm assuming they are user accounts and not some system or device account.
Edit: I ran malwarebytes and it only found 2 registry entries to repair - hijack.home for ie's home page & disabled security center. Checking Internet Options in CP I did note that the options to change the home page were grayed out & that was fixed by malwarebytes. Conficker did take the browser to other domains. - I forgot that I configured via Spywareblaster to prevent the homepage from being hijacked. So that was a false +. win2k doesn't have a security center, but cking the registry area listed in the report it appeared to refer to symantec firewall. SEP firewall appears to be working OK because I get dialog boxes about whether to allow this or that program to "call out". So that was also a false +. I've run Windows Malicious Tool v3.4 & 3.5, which both list conficker as something they check for and both were negative. There was a conficker test page where if you saw all six images in a box, you probably didn't have conficker and I saw all the images. I checked and I have the security update KB958644 installed that was to plug the security hole conficker used. So I don't think I have conficker. I posted in Am I Infected, but there must be a lot of real infections going round, 'cause no one answered. None of my googling on unknown SIDs has yielded anything x deleted accounts. Unknown SIDs and conficker has gotten me lots of conficker hits but no mention of SIDs. I'm going to try again w/ "extra SIDs" * "account SIDs". No success googling.
Just an Update: I had a failure to boot into windows on my dell desktop, which previously did not have any unknown SIDs.
After troubleshooting in recovery console, including copying over the restore point registry hives to %system%\system32\config, I got back into windows and found I'd lost a user account [the sam hive?] and gained an SID w/ the question mark/face icon on the security permissions tab on shared folders. Unlike the SIDs on the Sony's permissions tab, this one has the identical number sequence as the other user accounts x for the last 4. Still no explanation for the SIDs w/ the non-matching number sequence.
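The SID comparison this post works through by eye, as an added example that is not part of the original post: in an `S-1-5-21-a-b-c-RID` value the three numbers after 21 identify the machine or domain that issued the account (local accounts use this form too) and the last number is the account's relative ID, so comparing the three issuer numbers shows whether an unresolved SID was issued by this Windows installation. All SID values below are constructed, and the function names are hypothetical.

```python
from collections import namedtuple

# issuer = the three numbers after "21" (machine or domain identifier);
# rid = the final number (relative ID of the account under that issuer).
Sid = namedtuple("Sid", "authority issuer rid")

BUILTIN_RIDS = {500: "built-in Administrator", 501: "built-in Guest"}

def parse_sid(text):
    parts = text.strip().upper().split("-")
    if len(parts) < 3 or parts[0] != "S" or parts[1] != "1":
        raise ValueError(f"not a revision-1 SID: {text!r}")
    authority, *subs = [int(p) for p in parts[2:]]
    # Account SIDs: NT authority (5), sub-authority 21, three issuer values, RID.
    if authority == 5 and len(subs) == 5 and subs[0] == 21:
        return Sid(authority, tuple(subs[1:4]), subs[4])
    return Sid(authority, None, subs[-1] if subs else None)

def classify(unresolved, local_account_sids):
    """Return (origin, role) for a SID that shows up unresolved in an ACL."""
    local_issuers = {parse_sid(s).issuer for s in local_account_sids} - {None}
    sid = parse_sid(unresolved)
    if sid.issuer is None:
        return ("not-an-account-sid", None)
    role = BUILTIN_RIDS.get(
        sid.rid, "created account or group" if sid.rid >= 1000 else "reserved RID")
    origin = ("this-installation" if sid.issuer in local_issuers
              else "other-installation-or-domain")
    return (origin, role)

# Constructed values: SIDs of accounts that currently exist on the machine.
LOCAL = ["S-1-5-21-1111111111-2222222222-3333333333-500",
         "S-1-5-21-1111111111-2222222222-3333333333-1003"]

if __name__ == "__main__":
    for s in ("S-1-5-21-1111111111-2222222222-3333333333-1005",  # same issuer
              "S-1-5-21-4444444444-555555555-666666666-1001",    # different issuer
              "S-1-5-11"):                                        # Authenticated Users
        print(s, classify(s, LOCAL))
```
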
  25. Thanks MrJinje I do move ext hd's from computer to computer. It's nice to have an explanation for where these users w/ the question marks by their icons came from.