saturndude

I am having bad problems too. I installed XP64 Pro on a 120 Gig EIDE drive, because I cannot make it work (cannot reach the second stage graphical install) on a 160 GB EIDE. I've tried many things, as noted here: windowsbbs forum posting and here: asus motherboard forum (I cannot log in to Asus forums anymore, and I've tried resetting my password. So probably no more useful posts there.) What kind of motherboard are you using? I use an AMD 64-bit dual-core, and was told to expand the ntkrnlmp.ex_ from the amd64 directory of my windows disc and to rename it as a drop-in replacement for ntoskrnl.exe. I am told I must make sure the NTFS cluster size is 4K or less, and it is. I tried "LBA mode" in the BIOS, and telling linux fdisk to create a partition table based on that geometry (if you already have a partition labeled "type: NTFS" then XP's install disk formats it [you choose FAT32 or NTFS], but if you have a blank hard drive, XP64 will use the whole drive [again, FAT32 or NTFS, your choice]). Lastly, years ago, we used software that "tricked" our PCs into seeing drives larger than 8.4 GB. I thought this might be the reason I see a "63-sector offset" mentioned in linux fdisk, and this would fix it. It did not. (And yes, I have tried XP64's recovery console with map, fixboot and fixmbr, they didn't work.) (When setting the BIOS to "auto", my 160 GB drive has more than 65535 cylinders, I thought this was causing booting issues. But I tried installing on a 120 GB Western Dig instead of my 120 GB Seagate [both around 57000 cylinders], and I had the same problems I had trying to install on my 160 GB. So I have to keep running XP Pro 64 on the 120 GB Seagate, without knowing *_why_* it works or whether I could ever reinstall again.) If you find a solution to this, please let us know. You are not alone, trust me on that. Answers are hard to find. Good luck!

Will the XP PowerToys work on XP Pro 64-bit Edition? It could be a little while before I get around to downloading and trying them myself. If it doesn't work, I'd like to know before I start to save time. Anybody have prior experience with this? Thanks in advance.

Fixed (kind of). Tried a different disk. XP Pro 64-Bit had no problem installing on a blank 120 GB Seagate Barracuda (7200 RPM). Don't know why. Both disks appear to have 255 heads, 63 sectors/track, and 16065 * 512 = 8225280 bytes/cylinder. Not sure why there were 16 heads in a previous post. Strange. Anyway, all partitions on both disks end on cylinder boundaries on the 64-bit "target" machine, so there *_should_* not be a problem with either disk. I ahve no idea why one drive boots and one doesn't. Maybe I'll move the XP 64-bit partition onto the Western Dig later. Maybe I'll reinstall Windows and activate it later, after I get some other stuff finalized. So I guess you could say it works.

Okay, I played with BOOTCFG. I now have two choices: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP 64-bit Professional" multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional x64 Edition" /noexecute=optin /fastdetect A linux file editor let me push the timeout to 15 seconds instead of 1. Now, both choices result in the message to reinstall ntoskrnl.exe. I did. Didn't help. The screen where I choose OS exists on my 32-bit XP, and I never saw it before on my 64-bit. So the 64-bit is now one step closer to working. Any ideas? Thanks in advance.

Hi everyone, I'm having trouble installing XPPro 64 OEM on a new system (old Athlon 2900 system [32-bit] died). After files are copied, I am instructed to remove floppies from the floppy drive. If I leave the CD in, the first stage will be repeated forever, so I remove the CD too. Now Windows complains about a missing or corrupt ntoskrnl.exe. After the recovery console (expand to replace ntoskrnl.exe, fixboot, fixmbr) the problem remains. Why? Chkdsk complains "there is no disk in drive or the file system is not supported". Tried reformatting from the recovery console and a fresh install from scratch, the problem still remains. (EDIT: To avoid dual-boot issues, the whole drive is one big NTFS partition. For now at least.) The disk is a fresh Western Dig 160 GB EIDE, manufactured 21 Oct. 2004. I left the autodetect in the BIOS set to "auto" where it treats the drive as having 16 heads (not LBA mode). Why can't the Windows install routine format and see a satisfactory first-stage install? This is going to be necessary to "break out" of this loop where I repeat the first stage forever. Since booting is very low-level, motherboard drivers will not have been loaded yet. Windows can see that there are no SATA drives. The disk is set for "cable select" and it is plugged in to the "master" plug on the cable. So it *_should_* work. Why can't the Windows install routine format and see the results of the first stage and proceed? Any help is greatly appreciated.

Hi all, I'm building a 64-bit system ('cause I can't get 32-bit hardware anymore). 64-bit XP Pro OEM on the way. I surf, run Office 97, do some video work (PS Elements, DVD Lab Studio) and I'd like to convert vinyl to digital. Windows partition is 20 Gigs, 47 percent full. Data (docs, spreadsheets, photos and video) are on other partitions. There could be some extra 64-bit libraries, just like linux. But how much space should I allow? Will the same 20 Gig partition be big enough? Thanks in advance.

I would love to believe in a perpetual motion machine. But several times in my lifetime (I'm 41 right now), people have claimed that they made one, and later they (and their machines) have turned out to be frauds. Kind of like the furniture store in my town that has had three "going out of business" sales JUST IN MY LIFETIME and never actually closed up shop (they're still open in fact). I get tired of believing after a while. First, there is friction, as people have said. Even motors like the case fans in your computer have friction. And they wear out. As the wheel spins and turns a load and does work, the circular magnets must be spun around to continue to repel the magnets attached to the wheel. As the workload increases, this will take real, substantial force. It doesn't look like it will take much on paper, but I think you will be surprised. The force needed to repel the wheel's magnets will be equal to the work the wheel is doing (more, if you count friction). If you use coils of wire with alternating current to change the magnetic fields instead of the circular magnets pictured, you have an AC motor. Those things aren't exactly perpetual motion machines. The advantage to motors, of course, is that you can get fantastic torque at zero RPM, like a diesel-electric train locomotive. (Generators, turned by diesel engines, supply power to DC motors at the wheels). And yes, magnets can deteriorate over time, but this is rare, and they are not "used up". The magnets in my flywheel work fine to this day (1981 Honda CM400T). And my Dad's two-stroke boat motors work fine (1981 Evinrude, 1955 Gale).

Hi all, I ran across a couple of interesting problems recently while cleaning a spyware-laden box for a friend (450 MHz AMD, XP Home SP2, 20GB Hard drive set up as one big NTFS partition). Virus Encyclopedias tell me that trojan-downloaders may infect the restore points, which are located here: C:\System Volume Information\_restore{alphanumericstring-that-looks-like-CLSIDkey}\rp123\somefile.ext (with copies of registry files in child dirs for each restore point). After I deleted the spyware from Windows and the restore points, I ran Kaspersky online scan (it uses ActiveX). Kaspersky was able to look at a few of these files, but mostly it said the files were locked (in use), so they were skipped. Here's the interesting part: I thought Kaspersky saw the 'registry-like' name of the parent directory and refused to look in there because of that. But when I use linux to copy the DLL files (some .SAM files, other extensions) to another location, say, C:\badstuff\*.* (NOT in WINDOWS or child dirs of WINDOWS), Kaspersky's online scan STILL says the files are locked. Why? The original infector is gone, so the files aren't hidden, and no secret process or cloaking scheme can hide suspicious activity (or the infected file) from Windows or anti-malware tools. Perhaps NTFS attributes told Kaspersky not to look at the files? Why did this happen? FIRST QUESTION: Any ideas why Windows always says the files are locked? (With a linux browser, I can submit them to the testing sites Virus Total or Jotti's virus Meta-submitter, one file at a time, with no problem. That's how I know the restore points were, in fact, completely compromised and infected.) SECOND question: Here is an excerpt from the Kaspersky report (I saved a copy): C:\System Volume Information\_restore{C42B6269-ABC7-4A34-A58A-AEA45D9A53E4}\RP246\A0305307.exe\stream\data0002\data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped C:\System Volume Information\_restore{C42B6269-ABC7-4A34-A58A-AEA45D9A53E4}\RP246\A0305307.exe\stream\data0002 Infected:Trojan-Downloader.Win32.PurityScan.eh skipped C:\System Volume Information\_restore{C42B6269-ABC7-4A34-A58A-AEA45D9A53E4}\RP246\A0305307.exe\stream\data0004 Infected: not-a-virus:Adware.Win32.Mostofate.u skipped C:\System Volume Information\_restore{C42B6269-ABC7-4A34-A58A-AEA45D9A53E4}\RP246\A0305307.exe\stream Infected: not-a-virus:Adware.Win32.Mostofate.u skipped C:\System Volume Information\_restore{C42B6269-ABC7-4A34-A58A-AEA45D9A53E4}\RP246\A0305307.exe NSIS: Infected - 4 skipped I have read that spyware is starting to use alternate data streams to conceal and spread. Is that what is happening here? I thought "simple" trojan downloaders wouldn't use such 'sophisticated' measures. Googling "Alternate Data Streams" tells me to use a colon with certain commands to insert text files, executables, etc. into an ADS. After they're inserted (and if these streams are in use here), could they be thought of as being in the same "directory tree" as the files they're associated with? That seems to be what the Kaspersky report is saying. Any thoughts on these two matters? Thanks in advance,

Hello, Recently I removed a bunch of nasty stuff from a friend's computer (Presario 7470, 533 MHz AMD, 192 MB RAM). Adware.Hotbar, and I think she also had a LOP/Virtumundo infection. Her machine came with 98, but she has installed Windows ME on it. I disconnected it from the Net in my basement, and ran anti-spyware tools. I used linux to delete the bad files (I was feeling creative). Then I put the drive back in her Windows box to remove the spyware's registry entries (along with specialty tools like Spybot S&D). After I disinfected, I put in the last free version of Kerio, the HP Hosts file, IE-SPYad, the free version of AVG, and of course I removed Uncle Bill's Java and put in Sun Java. So far, it is a pretty standard cleanup for me. After I delivered it to her house, I updated AVG and initiated another scan. It found a few things (AVG classified them as a rootkit IIRC) that were not found while scanning at my house a few days before. Four items were found in windows\system, I believe, and four were on D:, the un-hidden rescue partition (that had hardware drivers, Win 98 files, MS Works, and other files in ZIP or cabinet form). One of the first things that happened after I restarted in her house was that Kerio gave a warning about what seemed to be a real Windows Update process trying to access a legit MS site, so I let it access the Net. I don't have a lot of experience with ME (well, none basically). Did ME have WU turned on by default, or was this a piece of spyware that tricked me into letting it re-download the pieces that I had deleted? Should I bring the PC back to the test bench and use another combination of tools (hardware firewall with NAT and logging, different brand of software firewall, process tools, etc.) to investigate further? BTW, I ran rootkit revealer during the cleanup, but I was not really sure how to interpret the results. (If it is a rootkit, I will urge her to re-format and switch to a microATX with a close-out Sempron 3000 or something. I installed a new PSU, and her case is still good, so it could be done for little cost.....) Who has experience with ME and WU? Thanks in advance for your help!

Okay, got it fixed. I googled the file name. Over at hardwareanalysis.com, much advice and many hints are given for this problem. Some say the problem was mup.sys, others say the problem is the thing that loads after mup.sys. One person said that resetting the ESCD data (load BIOS defaults) forces Windows and ACPI to reset hardware IRQ allocation. I suspect this was correct, since resetting the BIOS fixed it. If anyone wants the "clicky" keyboard, a company called Unicomp still makes them, on the same equipment IBM used, probably in the same plant, 90 miles down the highway from me in Lexington. It really is a treat. Thanks!!!

Thanks! AFAIK, I still have the booklet that describes the DIP switches. Somewhere. I'll look around for it. EDIT: Found the booklet. Keyboard is, and always has been, set for AT. My KT600 board (Athlon 2900) will howl with beeping complaints if I even TRY an XT keyboard. End of edit. But now, XP won't start. In safe mode, or any mode. Even when I go back to the modern keyboard. After XP tries to load system32\drivers\mup.sys, the BIOS reboot routine is triggered. Can I use linux to edit win.ini in Control Panel without booting XP? If so, what is the name of the layout? Do I need to extract a file? I need XP to search for a job. (OpenOffice docs aren't laid out quite the same as in Word 97, though OO can turn my resume into a PDF, then I know stuff will look right.....) I guess I'll need to do a trial install of XP on another machine (or get a boot floppy) to have access to the right version of scandisk. My Norton Utilities 6.01 CD can normally see my NTFS partitions, but can only see FAT because of the current trouble. Any thoughts?

Today I got my old 1991 Northgate OmniKey 101 back from a refurbishment (it had been in storage since 1999 or so). XP won't start with it. Any tweaks, advice, other resources, anything? I really like this "clicky" keyboard. It is right "up there" with the IBM Model M. Clicky, and VERY durable. I tried to create a boot log, but this has never been very reliable (Win 3.1, 98, and now XP). I can FORCE linux to mount the NTFS partition, but I did not find any "bootlog.txt" (improper Windows shutdown probably creates a flag that linux sees, maybe the same flag that brings Windows up with "safe mode" and the other choices). Bootlog.txt was not in the root directory, not in WINDOWS, and not in WINDOWS\system. All I found with the correct date/time was \WINDOWS\bootstat.dat, which consists of: ^L^@^@^@^A^@^@^@^A^^^@^A^@^@^@^@^ (the rest of the file is "@^@^@^@^" repeated to the end of the file. So it is a compiled file or a binary file or something. I can use a hex editor if you like.) I'll try to see if I can boot in safe mode next. My first linux (Caldera 1.2, July 1998) mentioned that linux sometimes had a problem with this keyboard's timing. Hardware detection has greatly improved in *nix. And now Windows is having a problem with hardware? (not recognizing ISA stuff in XP doesn't count, it is not a bug.) Have we officially come full circle now? The irony is delicious. Any help is greatly appreciated.

Forgive me if this advice doesn't help. I think others here may be much smarter or more experienced. Is the rescue partition marked as hidden? Can you see it (probably as D:) when running the Vista that came on the laptop? Can you see the partition table with Emergency Boot CD or similar? To this day, my Norton Utilities 2001 CD is still useful for tasks like simple undeletes, even on XP's version of NTFS (5.0?). Changing the partition type (or un-hiding it) may pave the way for other software tools to back it up (or otherwise build a disc to reinstall Vista). A couple of notes here. First, some rescue schemes may put some weird numbers in the "partition type" field, don't let this scare you. Second, the limitations I grew up with may no longer apply [only four partitions allowed, only one could be the "extended" type, and the extended can only have 4 partitions inside it]. Finding the partition table for the extended partition may be difficult, but laptops are not known for weird partition schemes so hopefully this will not apply to you. I worked on a friend's laptop some time ago. I spent US $10 to get an adapter that let me take the drive out (4 screws held the cover on) and plug the drive into a standard ribbon cable (80-pin) and examine it with my tower PC. (does anybody buy desktop cases anymore?) This might void your laptop's warranty, but I am not sure whether they can tell anything was done (wipe fingerprints off drive). If you take the drive out, your options may increase quite a lot. If you can't create a suitable reinstall disc, copy the partition table and the rescue partition. You will be able to re-create the rescue partition with exactly the same number of bytes in exactly the same location as it is now, and you will be no worse off than at present (I think).

I used to use default settings with Win98SE. Worked fine. Way more consistent than that "Trumpet Winsock" for Win 3.1 in my college dialup days. I put in the ADSL disc and several reboots were needed. Inconvenient, but that's how many things were back then. And nobody told me how to set up the connection (Start --> Control Panel --> Whatever). But a self-install saved money, so.... AFAIK, broadband speeds were equal to what I got under Linux (around 2000-2001). At the time, (Norton Antivirus had a "fat pipe") I could grab big files from the fastest servers at about 360K per second (PCI ethernet card, phone company ADSL). My ISP has since raised its speed (no extra cost). One problem was that the installation disc from the ISP (phone company) did not choose "enable WINS resolution" or "disable WINS resolution" in Win 98. So you had to choose one, and play with it for several reboots. If it didn't work, choose the other (and play with it for several more reboots). Check the ethernet card maker's website before buying (wired or wireless). Sometimes drivers for Win98 don't come in the box, and sometimes they are not available at all. Win98 can use older hardware and still be very capable, broadband internet INCLUDED.

Thanks, I'll check into those links. And I am sssooooooooo grateful! A friend has had BOTH [un]Cool Web Search AND the byte-verify trojan because of MS Java! The latest PC I'm working on is a 533 MHz Compaq with Windows ME and, you guessed it, MS Java. I predict MS Java will be around for several more years at least. Because people don't know any better. (After this box, I've got another infested box to do, then a guy in church has what sounds like a video card failure, then a friend of a friend wants me to help him build a system. Once people find out how good you are, they seek you out!) Another request: What program should I use to extract Windows cabinet files (other than extract.exe)? Sometimes people have a Windows CD (or "rescue disks"), but they often lose them. Or their hard drive has a different version (or there is no 'precopy' directory, or they blew away their rescue partition, or whatever. Stuff happens). Are the cabinet files all compressed the same way? I think they differ. So is there a way to do a "quick and dirty" extract from a cabinet file from any version of Windows?