Posts by gerbil

Fine. Gotcha. Above when i referred to IE I meant Internet Explorer. Try it and report back. for example, if you type c:\windows into the IE address bar then you should see the files and folders inside \windows. Is explorer.exe there? And if you enter C:\windows\system32 you should see winlogon.exe [you must have that, cos otherwise you would not have been able to restart your sys].
Actually, they both should be there because the moment BDF deleted those two at your behest Windows File Protection System should have replaced then both. Obviously your sys does not have a backup of explorer.exe. You could check that by entering into IE address bar:
c:\windows\servicepackfiles\i386 -is explorer.exe there? [you will only have that folder if you have upgraded a service pack, eg SP2 to SP3].

Kaspersky kindly provide this rating scorecard for Firewall leak tests by Matousec.com. Nice. http://www.kaspersky.com/comparative_tests?id=207575592
Here is another scorecard... http://www.matousec.com/projects/proactive-security-challenge/results.php
Notice the top performer? Comodo Internet Security 4.0.141842.828
Free. But a quick web search will turn up reviews of Comodo which are less favourable. Nothing is perfect. You make your choices.

Avast is an excellent AV with a limited AS service. Comodo providess the best firewall [but one which is for people who LIKE to be prompted by a firewall doing its job].
Both are free. Combine them.

If IE works you can temporarily use that as an Explorer substitute. Just type C:\ in the address bar, then rclick and Open files or folders that are shown. And so on. You also will find all Control Panel functions available there - type control panel in the addy bar.
And don't cut the story short.. just how did you lose Explorer? Is the executable gone from \Windows, or does it just not run? Why [especially?] were you running Bitdefender - did you suspect a malware issue, did bdf say what it was?

Try BIOS Setup [enter by Del key?] and disable 1394, if you think you won't be needing it.

I thought you were unable to enter Safe Mode due to the error occurring. Ok, then before safe mode you see an option to use System Restore. Choose a point prior to your trouble occurring, see if a start is possible. The error you report may be the result of a corrupted driver or service, or just faulty RAM.
With regards to RAM, you could dl the package on another system and install to the desired medium. If you have multiple RAM sticks you could try removing one or more, swapping sticks and slots as you try to start the machine with just one stick.

PDFs and text within. Have you ever viewed the coding of sample pdfs? The text content is in binary. PDFs with text can also in fact be images of documents. My advice would be to invoke a pdf reader such as Foxit, and the text view within, select all and to copy. Batch that. Of course that won't work with document images.
Else use something like PDF Text Extractor; there are also command-line versions.

The one-time boot menu is more properly called the bios boot screen, or BBS. You press an F key to access it, which key is shown on the first POST screen. F2? F8? Depends... there you should be able to choose your flashdrive as the boot drive [be sure to insert the USB flashdrive before starting the puter otherwise that option may not be listed in the menu.

You're welcome, Techno. good luck.

Sure. Download the auto installer package from memtest.org, unzip it and dclick the .exe; you will be asked for a USB flashdrive path. Restart your machine with the flashdrive already inserted, use the One-time boot menu to choose the Flashdrive as boot source. Memtest will launch. Windows is not started, in any mode.

Are those the VM [actually Page File] figures from before the change? You have 32GB available [free on disk]... which because of the system management choice is theoretically all available to the PF. I don't understand why you are getting the warning. No process should have that large a memory leak!.
I prefer to use the Custom Size setting; because your Currently Allocated figure is 1586 MB, you could set min 1000MB, max 3000MB.
To keep the PF contiguous on disk you would set min=max=3000MB.
Up to you.
In TM in the Processes, under View tab you could check Virtual Memory Size; see if any process is using an exorbitant amount of memory.

Try to start your system in Safe Mode. If successful remove virgin Media.
If that does not work, then use your F keys or Delete key to enter BIOS Setup; under Power Mgmnt disable Autorestart. Next time you restart the sys capture [write down] the error codes and message re files. Post it.

EDIT:
Misinformation... mine too.
Sorry about the error in those instructions I posted above.... someone once mentioned in a thread that you disable AutoRestart in BIOS, and annoyingly that false instruction has buried itself in my brain. That option is found on the Windows Boot Menu, I know that but if I don't think fully BIOS wins every time. Against reason and method. Anyway....
Perhaps you could replace the post with this to avoid confusion amongst future browsers, and my embarassment...

Try to start your system in Safe Mode, an option in the Windows Boot Menu which is reached by pressing F8 as BIOS runs POST [immediately upon drive detection is most successful]. Remove Virgin Media.
If that does not allow your sys to start correctly, then use F8 to again enter the Boot Menu and select Disable Autorestart. When the sys starts capture [write down] the error codes and message about files. Post it.

"...there i found to upgrade BIOS!

but it was failed, then i found that i will loose motherboard if i install a wrong version!"
Instructions to flash usually come with a WARNING. When they mention problems which come with power loss during flashing [unlikely] or a corrupted BIOS after flashing, they mean PROBLEMS. Your computer will not work at all. For a non-technical person it gets expensive, often it involves buying a new, pre-loaded BIOS chip. Don't flash unless you see some great benefit from doing so.

ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter ..
irstusb.sys
dot4usb.sys
usbaapl.sys
usbaaplrc.dll
You have the above drivers active. I cannot tell which is using your USB port excessively . Try disconnecting your modem from its USB port, also the printer.
Uninstall itunes temporarily and remove or at least Stop its two services - usbaapl.sys & usbaaplrc.dll
You might try using Device Mgr to uninstall and reinstall your USB device [not the PCI USB].
And if all fails, inside BIOS, if you disable your USB the problem will disappear. That's not the fix you are seeking, though.

Admins and their privacy rules which limit access... tsk. What a nuisance!

Firstly, taking/posting snapshots [screenshots]: you might have a key labelled Printscreeen? Press, then open Paint[via Pgms > Accessories, paste using Edit; crop as desired and save as a jpg. In Daniweb, use Advanced, choose to add files and browse to your jpg, Open and post once it uploads. The last is the same for any other filetype in the accepted files list. And if the type is not there you simply zip it and upload that.
Your Commit Charge 1872M/2166M.... [they correspond to Total 1916928 and Limit 2217984 from the CC [K] block under the Performance tab] does show that your sys is, at that point, within 15% of total available RAM + PF size. You do need to increase the size of your PF for the process/applications you have running. Using the process described above by rch increase your PF to 1500MB [currently it is 1200MB?] as a minimum; to the point, you might choose Custom Size, min = 1000, max = 1500.
If problem surfaces again jump max size up to 1800MB. 1500MB should do....
I don't know what applications you are running, but that is a reasonably large PF usage.

And as Judy poined out "You DO have some suspicious entries in that HJT log "
Oh, yes....

Sorry, techno, that commit charge makes no sense to me... surely it is not so low with 47 processes running? Lessee, from TM, under Commit Charge, post the 3 figures for Total, Limit, and Peak. Just a snapshot will do, no need to average em mentally or suchlike.
Knowing that you have 1G of RAM, the Limit figure will indicate the size of your PF. [it is RAM + PF - Kernal usage]. Or just post a pic of your TM.

Hi, go to Task Manager's Performance tab. Urk, it needs a bit of interpretation. So, to start, the figure at the foot of the PF Usage chart is in MB, other figures are in KB, and the conversion factor is 1024.
PF Usage is a misnomer in Task Manager : the figure at the foot of the Page File Usage graphical monitor is the Commit Charge, which is actually the sum of RAM in use + Page File in use.
Commit Charge [KB] = curent total memory usage [of both RAM + PF][KB]. It is just the amount of virtual memory the OS has committed to the running programs.
Limit CC = Most of installed RAM + Page File size. Most of RAM? XP always keeps a variable amount of RAM in reserve. If you disable your page file you will see that CC Limit is less than Total Phys MEM [RAM] by about 50KB or so, the reserve. This rises rapidly as you have more processes running, probably because the OS calculates that there is a bigger chance of an emergency memory call occurring.
At bottom of TM you see that PF Usage number repeated as Commit Charge [Total]. The second figure there is Commit Charge Limit, now in MB ...[x 1024 to get KB].
You have 1024MB of RAM; compare the size of your "PF Usage" to the size of your Page File and you can see how much the sys is using. …

With heart n soul... down the page I see a thread with 86 replies .... that's gotta almost qualify as a legal relationship!

Heya Judy... just trying to ease a little of that workload you have had dropped on your shoulders. You're.. ummm... working like a trojan.
:)

If I may butt in on the safe boot issue, Judy....
It is likely that the combination of malware, that stop code and an inability to enter Safe Mode whilst Normal Mode is okay, that the safeboot key in registry is damaged. This is often done by malwares to circumvent their removal in Safe Mode. Anyway, the following zip file contains the necessary registry subkeys and values for SP2. Just unzip, dclick the .reg file and the contents should merge with your registry.
SP2 still? Go with SP3.... download the M$ executable and run it, it is, I find, more convenient than upgrading online.
And do what Judy recommends.

Blaze, is the accompanying error code 0x000000D1 or 0x0000000A ?
It could be RAM going bad... try using Memtest86+ to test it.... download it in a form to suit and make a bootable medium... floppy if you can, or USB flash drive.
If RAM check passes [let it run for half an hour at least] then it is software based, and possibly malware.
Report back.

Note that you must be an administrator to use cacls. Anyway, perhaps if you ran this and pasted the result the situation could be clearer..
cacls d:\kpg

I must admit.... tsk... you deny all permissions to Everyone and then expect anyone to be able to get access? Luckily, this is XP.
If you used cacls d:\kpg /p everyone:n OR cacls d:\kpg /d everyone to lock then the /e parameter will not allow any cmd containing it to work [there are no permissions to edit] eg. cacls d:\kpg /e /p everyone:f will fail, as should cacls d:\kpg /e /r everyone.
Interesting that cacls d:\kpg /p everyone:f did not work for you. It should, it creates new rights in the acl.
cacls d:\kpg /g everyone:f should have worked, also.
Try cacls d:\kpg /e /r everyone, just in case.

PP, may I butt in again? And puters are the most fault-prone appliance you may ever use...
Maurice, did you actually get a message mentioning file or driver corruption? Or was the cd not recognised at all?
If the former, you might try this so that we may check the values in a couple of registry keys, because I see that you have at least one burning software [Ulead]; are there others?

Go to this web page: http://www.bustrace.com/downloads/free_utilities.php
Towards the bottom of the utilities list you will find Filter Driver Load Order v1.0.009
-click devfilter.exe, and Run it from the site [no need to dl unless you really wish]. Select your cd drive in the window that pops, and click Clipboard. Save to a notepad, and paste into your next post.

That is a good point you have. I think I shall zip my scripts from now on, less opportunity for errors to creep in if all they have to do is unzip and dclick, not even any need to save the file.
Well, error on their part. :)

Not formatting, PP, that WREV 5.00 script enters the value into my registry just fine. It is the header that his machnie seems to be incompatible with, but i do not understand why.

Cool. Just how alluring...? Anyway, we need a little more information. On the error. Is it actually one like this: "xxxx has encountered an error from which it cannot recover and needs to restart."?.. in which case a cause and an error code will appear. We really need those.
Or is it something like this: "The system has recovered from a serious error." and perhaps give a couple of file paths?
There are many versions of those messages.... could you give the exact one? Sometimes there is a highlighted link in the box with more inforamtion. We need that info.

Wah!! Why would not a reg editor version 5.00 script run whereas a regedit4 would? For XP Home??
The Word from M$: "RegistryEditorVersion is either "Windows Registry Editor Version 5.00" for Windows 2000, Windows XP, and Windows Server 2003, or "REGEDIT4" for Windows 98 and Windows NT 4.0. The "REGEDIT4" header also works on Windows 2000-based, Windows XP-based, and Windows Server 2003-based computers."
I mean, I used to use regedit4 as the header, but swapped because my sys punches out the other in exports. Both work here, just fine. Sigh...
So, moggie, if you export a key to a reg file, it is not headed Windows Registry Editor Version 5.00 ?

Or to clarify caper's post, they will appear in the thread if you save the image as one... ie a jpg or bmp. But I can cope with doc files, no problem at all.
I can see that 368 is busy... is overall very demanding. The PCI IRQ sharing is not a problem.
For a start, does your BIOS Setup offer any options as regards USB EHCI support, or for BIOS hand-off of EHCI to the OS? Try turning that option ON.
That is to check if USBEHCI.SYS is working ok. And if that does not work, then you could try turning off USB in BIOS setup - that will not affect your VIA PCI usb.
As you say, something is interfering with the onboard USB controller.... if itworks correctly in Safe Mode then it has to be a software driver issue. Lessee... run DDS.
= Download DDS by sUBs and save it to your Desktop. http://download.bleepingcomputer.com/sUBs/dds.scr
Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).
Paste both the DDS.txt and the DDS Attach.txt into your post for assistance.

"copy the text in the box to a notepad [format/wordwrap unchecked] and save as fixkey.reg", just to reiterate.

Um, moggies, those are valid scripts. There is a blank line at the bottom; be sure to include that for the <CR>.

Fine, Maurice. I was doing some exploring there as regards folders.
So if dclicking the smax4pnp.exe file gets the icon set correctly then this reg entry should do just that action but at startup:

==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as fixkey.reg to your desktop; dclick it to run... agree; if it opens in notepad instead rclick the icon [file], choose Merge, else choose Open with, Registry editor....

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP" = "C:\\Program Files\\Analog Devices\\soundmax\\smax4pnp.exe"

There is at the moment no value named as such in your reg, hence no conflict. To test, just restart your machine. If it does not work for you after a restart then this next file will remove that value from your registry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP" =-

What the heck was HP doing to create that whacking great list of restore points? You can reduce the size of your sysrestore folder so that you don't have quite so many RPs. But with HP on board it does seem that you do actually need quite a few. Wow.... HP n M$.... guns at noon.
"So I experimented with the various icons in the Soundmax folder and found that when I opened "Smax 4 (control Panel Extension), Soundmax itself opened and the blue Soundmax Icon in the System tray lost its red bar."
"The path for Soundmax is : C:\Program Files\Analog Devices\Soundmax\SMAgent.exe and the start-up type is automatic."
Weird logs. Last RP with Smax is for its removal. Yet it is there later in the DDS as installed. Fine. I guess.
Anyway.... this is the startup entry in your reg: mRun: [SoundMax] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
Is that the exe you clicked?
Does this exist in the folder: C:\Program Files\Analog Devices\Core\smax4pnp.exe ? Is it the one you clicked?
If so create [add] another mrun key the same as the one above, but [SoundMAXPnP] = "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
And restart.
Back to you, PP.

Okay, to stop people loading this thread with ads for commercial software, this will do the job of unhooking anything and deleting it:
Unlocker. It is free.

This part I have trouble with:
"
When I expanded System is showed "USBPORT.SYS+0.6086 is the thread sucking up the CPU
I have checked it 3 times. Restarting the computer between each check and it always appears as Thread number 368.
Thread Stack:
0 ntkmpla.exe!KiDispatchInterrupt+0x7f
1 hal.dll+0x8dbd
2 usbehci.sys+0x5696
3 USBPORT.SYS+0x12c2b
4 USBPORT.SYS+0x5d53
5 USBPORT.SYS+0x6190
6 ntkmlpa.exe!PsRemoveCreateThreadNotifyRoutine+0x21e
7 ntkmlpa.exe!KeDispatchInterrupt+0x5a2
"
Is this stack the same for all USBPORT.SYS threads? Note that your ntkmlpa.exe should be [in caps for font clarity] NTKRNLPA.EXE
What hardware did you have connected to that port to invoke hal?
Could you put up a screenshot of PE with Process tree, and DLL View of System 4 in bottom pane shifted to show USBPORT.SYS. Highlight SYStem 4 and show Properties window and stack window of thread 386. Make it something like this:

Perhaps your ISP also has a telecoms business and does not like people "freeloading" [as he sees it] by using voice messenger services for "no" cost. But why he would throttle MSN and not Skype I do not know. Quiz them.
M$ vs Google. The battle continues.

Perhaps there is a log which details when it ran; you might find it is called quite often. Or not. If you use TM to stop it you will discover eventually whether it is required to be running. Or not. Someone familiar with verizon's software on a dedicated site may be able to tell you how to stop it permanently.

Ah, yes, but batman did complete the thread. Which is good for other solution seekers. Blind threads on the net are annoying.

Thanks for the feedback. Glad you have the sys sorted. I guess I assumed that when you replaced the CPU you got the heatsink well seated - it's usually the reason for lifting it.
Did you get the old PSU's voltages tested?

""Hi Gerbil, I actually did that yesterday in IE and I had a temporary loss of all the stuff I had with firefox" ...Wha..?!! IE? That procedure [from a couple of posts up] you do in the cmd window, Helen, the one that pops when you go Start > Run, and type cmd before keying Enter [or selecting OK]. A [generally] small, black window...
Nothing at all to do with IE or Firefox; it should affect neither browser. A point of fact, i rarely use IE, FF I use for some things like banking cos many will not work correctly in Opera [their slack coding/adherence to protocols], which last I use by default. Actually, I haven't mentioned any browser in all of this, they were irrelevent to our discussion.
If you lost some shortcuts from your desktop, then logging back in as Helen should have returned them; note that the sooky account would have been freshly created, with a few default icons and some ghastly M$ backgound picture. I meant you to use that account to remove AVG, then perhaps to copy in all your Helen desktop shortcuts, files etc. I could have guided you in that. Desktop shortcuts are held in a folder in your account plus perhaps some in the All Users category [generally pgm icons which are available to all account holders].
The folders are : c:\docs n setts\helen\desktop
and : c:\docs n setts\all users\desktop -just for info, no need to touch the …

The dual processors should handle the individual threads with no problems at all. Actuators/heads do not come into this because the drive controller or the windows disk drivers will queue R/Ws to the hdd. But possibly the ms installer software could be doing something like creating temp files with non-exclusive names -> confusion.
I don't know, and because I'm not too fussed about saving seconds when installing etc, I aint looking. :)

Cool. Now because "when I did the cmd user thing shows my windows registration number as admin and Helen as guest".... you, logging in as Helen, can never create an admin account because Helen is a Guest. So log in as your "windows registration number" when you start your computer. You will then be an admin. And then do the account creation steps in the cmd window:
net user sooky /add
net localgroup administrators sooky /add
-and sooky is then an administrator! To get sooky to show in explorer etc logoff and logon as sooky. The new sooky account is created at that moment.
Then, logged on as sooky [an admin] try removing AVG again.

Is this a fresh installation? And is another XP installation visible to Windows Setup? Because the file you refer to is RCPCORE.msi, a Roxio installer.
Don't allow your new installation to see the old one before it has completed.

Good-oh, DaM. It does seem as thought the R/W capability has been blasted. Option 2 for the drive is a shaving mirror.

Okay, helen... then this should sort the admin problem - method creates a new admin user. First comes a status check, just for fun, then the creation and conversion.[from my post on page 2]
You should also be able to do it while logged in normally if your sys still sees you as an administrator. Let's see if it does... go Start, Run, and enter cmd
In the cmd window enter..
net user -you see there all the accounts your machine has; some may surprise you by their existence! Okay, now enter..
net user helen [or whatever your admin account name is]. Near the bottom is Local Group Memberships; you want it to be *Administrators. But anyway, it appears to be corrupt, so....
To create a new administrator account you first create a new user, then enter that account into the administrator's group. So, enter these two commands..
net user sooky /add
net localgroup administrators sooky /add
-and now sooky is an administrator! To get sooky to show either logoff/logon or restart; the new sooky account is created at that moment. Copy over docs and setts files, folders from helen. Delete helen. Give sooky a password..
net user sooky * .

I did say "Setting the jumper to Master or Slave should not matter at all, as long as you don't have two drives on the interface identified the same way.", and that is true.
The jumper you placed is to limit the disk size seen by the interface so that a FAT32 format into just one partition can cope with it [for W2000]. That, however, is not the disk size limit, not is it the volume size limit for XP. I suggest you read this: http://support.microsoft.com/kb/184006
and this: http://support.microsoft.com/kb/314463
And yes, you can boot with it. Just that nobody uses FAT32 when NTFS is available... for data security.
Linux is a different kettle of fish as far as disks go. I know nothing of it.

Then you are lucky. He saves you having to learn too much about things, knowledge you may only require the once. I actually do loathe the unending complications that technology has brought into our lives.... the cds of instructions that come with a camera or a phone, the sheer multiplicity of possibilities that are incorporated in all systems nowadays. Geek exercises. For some part.
Anyway, how are you progressing with your various puter problems? Sorted any yet?

Of course you ae correct, moggie, I just reread your post at top of Page 3. Sometimes I don't read correctly, but skip and jump to conclusions. That's always bad. So I looked at your post again, you are missing a space before the first parameter. Should be...
dir "C:\Program Files\Common">c:\XXcopycommon.txt /a/s/og -there is a space before the /a
I only jumped in to save you waiting for PP on a point... I didn't even read your HT log until just now.. You should run an AVG removal tool, there are still a few traces of your old AV there.
Ah, reading back further, I picked up that incorrect path from the post with your system32 dir log : "Also the path of 'Comm0n' is C:\Program files\ HP and the files within that folder are"... and then misread your correction. No problem.
Oh, a small point which may save you some time. The quickest way to pinpoint using PP's O4 entry restoration is to restore half of them, then depending upon the result you either restore half the remaining or remove half the originals, and so on.