Posts by gerbil

Hi. If you opened the cmd window and there ran...
msizap.exe g
the window would have hung around for you to read and then close. Running that command from the Run box will do the same job, but as you found, the cmd winndow does not remain. No matter, it would have listed what it had done.
So, try to install Java RE now.

Oh, crikey! So sorry, I typed in the wrong file name!! Here is the offending post reworded. [I'll get a mod to edit the original for me.]
It is also available from here: http://majorgeeks.com/Windows_Instal...ity_d4459.html
-in this case you are downloading msicuu2.exe -dclick this to install the Windows Installer Cleanup Utility, then from its program folder copy msizap.exe to C:
-you can then uninstall the cleanup utility that was just installed; you only need msizap.exe. And run as above in a cmd window...
msizap.exe g

In the rar package from http://rafaelwolf.com/sharedfiles/msizap.rar there are just two versions of msizap.exe - msizapU.exe is also renamed to msizap.exe, ready to run.
MsizapA.exe is for Windows 98 etc.

" there just wasn't any driver for the system to read from the CD rom."
Hang on a mo... if you think a bit, the sys has to be able to read a cd without the aid of any OS... just with BIOS. It is how it loads from one when you choose to boot from a cd. So. Either your BIOS has a code hiccup and requires flashing, or worse, your motherboard drive interface is a bit cronk - it can handle an hdd, but not a cd data stream. That would be the Southbridge. You might try cooling it a bit, with fingers well crossed. Loading an OS can warm things up.

Okay, that will not work, but I downloaded the software, used it to hide a test folder, and so have discovered what it does.. but now I am not sure whether I should tell you how to recover the files because in doing so I will ruin that piece of software for all. I shall have to ask a moderator.

Okay, try this: go Start, and run..
cmd
In the cmd window that opens enter...
attrib -r -s -h E:\* /s /d
Do you see any of your files now? Names may be changed..

It is also available from here: http://majorgeeks.com/Windows_Installer_CleanUp_Utility_d4459.html
-in this case you are downloading msicuu2.exe -dclick this to install the Windows Installer Cleanup Utility, then from its program folder copy msizap.exe to C:
-you can then uninstall the cleanup utility that was just installed; you only need msizap.exe. And run as above in a cmd window...
msizap.exe g

Mmm... okay, it is a windows Installer problem... let's clean that up. Download this pgm, Msizap.exe, and copy it to your C: root. Do not dclick msizap.exe!!! Instead, open a cmd window and drag in Msizap.exe, then on that cmd line add..
g -so that the full cmd is "msizap.exe g"
Run that.
And try to update again.
---To get Msizap.exe, download this: http://rafaelwolf.com/sharedfiles/msizap.rar
Extract, and then copy only Msizap.exe to your c: root. You don't need the other files in that package; it is safe to delete them..

Hmm.. I think there is a problem with language incompatability.

Another One Size Fits All computer problem solving software. Reading the site's explanation of what it can do is scary enough. Uninstalling the pgm would not help by itself, you should first have used its Reverse function to undo the damage [if it even could...].
You might try reinstalling your mouse drivers [do you have a cd for those?]. AS for cut n paste etc... sometimes malwares can disrupt those functions... try running MBAM [it certainly won't hurt]. Tried a Restore point? You've tried every other trick, so it's no point me suggesting any. Except a Repair, and those can hurt. If you have System Restore functioning then a recent restore point will be available to update the Repair's changes, but you still must download all Security updates again.

pos, go to the nasty viruses etc section in this site, and follow the guide in the first star post at top. Post those logs either here or there. Then we may be able to help.

Try this: download this removal tool, JavaRa: http://sourceforge.net/projects/javara/files/javara/JavaRa/JavaRa.zip/download ; Unzip, and dclick JavaRa.exe. In the box that pops press Remove Older Versions.
You might also then try to update Java using the Update button; select the first option, to use jucheck.exe [that will work if Java is actually installed].

When an application is run its processes can be split sometimes into threads which run concurrently; csrss is the susbsystem which manages those threads. All I can say is that some application which has been started is causing csrss to check those files in system32\en, but is not actually using them else I suspect an error message would be generated. With only this browser open my machine does not log any such Path Not Found entries in PM; with one particular data streamer it does log a few every couple of minutes. But no error msg results... everything works. So i could suspect that it is not these that is your problem. Check the sections in Event Viewer to see if any catastrophic errors are reported [rclick any Error or Warning line and open properties].
You might try temporarily stopping your non-system startups via msconfig, incl your AV service and firewall, see if that makes a difference to your startup times.

Yes, I see its traces. Currently the best detection/removal tool is MBAM, and is kept well up-to-date. Really. Run it. Any tech you take the machine to will use MBAM to clean it as a first step.
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].

Those C:\WINDOWS\system32\en\... checks are by csrss.exe?, and only take a few tenths of a mSec each? Then I would not worry about them , esp if no error is being generated. They must be mentioned in some threads that csrss is organising, but are not actually being called [used].
You might try a filter something like Duration is more than .01 then Include.

Depends a bit on how that pgm hides the files.... maybe by simply changing file attributes and names? If it does the job without encryption then it should not be too difficult to find them.

Hmmm, well, that obv does not leave you with enough space - you need another 15GB or so. You either must find another way to manage that, or switch to another method. If slaving it to another Windows pc [or installing another temporary Windows OS] does not work [explorer has to see the files], then utilising a Linux bootable cd might, but I cannot help you with Linux. Plenty here can, though.

Yeah, maybe it is just Google being clever, pre-loading that subject line so she can do a search for it, or open that email in Outlook. Google want to own the world. The bit Bill doesn't.

Occasionally it would, because sometimes Service Name is the same as the Display Name, as you would have noticed.
Cheers.

Because you are in fact copying a partition with all its associated structures [partition info, file table...] and not just its files you cannot copy it to an existing partition, it has to be to space that is free...ie. unused by another partition. That is unallocated space. You either use a new drive which you do not partition, else create it by deleting a partition or shrinking one.
As an example of the last, say you have a data partition of 200GB, but it only holds 20GB of data currrently. You can use the Resize tool to push the RHS of that partition down to leave, say, 40GB in that partition. [Pushing down the RHS saves the tool from moving much, if any, of your data to the remaining space; defragmenting that drive first makes the process easier]. After that job has completed there would then be new, unallocated space of 160GB, plenty for your partition copy.
So then you would select that as the destination for your copy job. Here, also, the pgm knows how much actual unallocated space the job requires, so in the final step of that wizard you can shrink the unallocated space to the minimum if you so wish [the tool will prevent you from making it too small!]. To resize, use the sliders, it is easier, and you do not have to be MB accurate. And don't forget as a last step to allocate the new partition a drive letter, otherwise Explorer …

And be sure to use the Service Name, not the display name. check via ..
sc query

Sure. Go here : http://www.partitionwizard.com/partition-wizard-bootable-cd.html
-click on Bootable CD, then in the RHS of the window at How to Get you will see the link, http://www.partitionwizard.com/download.html
-towards the bottom of that page is the Home Bootable CD download link. This tortuous path of links gives you the chance to read the site.
-download that .iso file and burn it to a cd [do not open and burn the contents, burn the iso - it is a disk image].
-use that cd to boot your sys [pressing F8 during early BIOS POST will give you the one-time boot options: choose to boot from your cd drive].
-in PW [here we will assume a partition copy]...press Copy Partition Wizard.
-first select the partition to copy; in the next step the destination space or disk [note that it must be unallocated space because you are copying a partition with all its "container" information such as size, as well as its contents].
-in the next step you can resize the destination space if you so wish by dragging the sliders [you can make a smaller partition but will not be able to make it smaller than the used size of the original]
-press Finish, and if you are happy with what you are about to do then press Apply for the process to commence.
So... summarizing...to do this you need unallocated space on a disk; if your destination disk does not …

Yes, you will lose all your data once it is in Dell's hands. And I don't have a fix for the problem. So.
There are a few ways to get data off first.
-remove the hard-drive and slave it to another computer with an adapter, copy off files.
-use a bootable cd with an OS which will allow you to copy off eg Linux.
-use a bootable cd which will allow you to image partitions [or the whole disk] to another, external drive. Partition Wizard has a downloadable iso which you burn to a cd to do just that.
Personally, I'd try the last option first, but that's cos I have a Linux phobia. It stems from the command words etc they use.... ecchh!... It saves you from dismantling your machine, which Dell may not appreciate. Or, if you do remove the drive, you can still use the install version of PW to image the disk or partitions.

Ok. Perhaps it is time to get Process Monitor from Winternals [old Systernals team]. Set it to boot log from startup [under Options]. When you finally gain access to it after a fresh start, stop the logging. You will have a huge activity log, so the filter will come in handy. Basically, you should be looking for large time intervals in the Relative Time column as an indication of what is stalling the login process. Use the task icons to isolate each activity in turn. Try checking services and drivers via the filter - set it to include System as a Process Name, and Path to end with [or include] .sys
You can also use the filter to simplify checking for time gaps, or long durations. A freeze will originate with a driver, service or file taking a long time to load or run. I doubt if it would result from a registry access.
Something will show up.

Safe mode. There WILL be an ADMINISTRATOR account there - you cannot delete that one.

Glad you sorted that out, and I know you managed it two years ago... :)
Anyway, another method to keep in mind is Darik's Boot n Nuke - you load it to a floppy or USB flashdrive, or burn the iso. Because it makes a bootable medium from which you then restart your sys it doesn't care what OS is on the hdd. It just wipes it.
Cheers.

BlackFoot is right... your explorer did not start. Could be corrupted, could be the registry entry to start it is corrupted. So, to see if it is the former use TM to run explorer.exe . If it does not start [no icons etc show] then copy in the file from another system to Windows\explorer.exe
If your browser works [start it via TM eg enter firefox.exe, or iexplore.exe] - you won't need a pathname because the path will be in your environment settings. Use the browser to open files etc.
Registry entry bad? In TM run regedit.exe, and this is how the key should be:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]//
"Shell"="Explorer.exe"
If that entry is not correct then this will put it right [and do no harm if you run it anyway]:
==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as fixkey.reg to your desktop; dclick it to run... agree; if it opens in notepad instead rclick the icon [file], choose Merge, else choose Open with, Registry editor....

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

During POST [startup] try pressing F8 to get the Startup Options menu, then select Start in VGA mode.
You may then be able to reinstall your video driver from your chipset or graphics card cd. Because you can run your sys in Safe Mode, you could do this there, also. It does appear to be simply a graphics driver software problem... does you sys have integrated graphics [in the mb chipset] and/or a separate graphics card? What is the mb model?
"Should I run the windows disk and repair the master startup partition?" With regards to a Windows Repair, should you choose to do this, you most likely will retain access to all partitions and data files.. a Repair replaces windows opsys files and some of the registry, it tends to not overwrite data etc, even in the C drive. If by misfortune your partitions become lost we can reinstate those, generally speaking, if they are not overwritten. But because you then need to reinstall your chipset, graphics etc drivers, and all security updates, plus again access to a recent Restore Point to bring your sys back up to date why not try to reinstall your graphics drivers in the first place?

Groan. It is after that logo/loading video that graphics is switched from the 16 colours [4 bit] to the 32? bit graphics driver. I could guess that there is something wrong with the latter. Try starting in Safe Mode which uses the 16 colour graphics mode throughout, go into Device Manager and roll back your graphics adapter driver.
Update it.

It is after that logo/loading video that graphics switches from 16 bit to 256? bit graphics driver. I could guess that there is something wrong with the latter. Try starting in Safe Mode which uses the 16bit graphics mode throughout, go into Device Manager and roll back your graphics adapter driver.
Update it.

Electric arc furnaces?
I always feel uncomfortable about hdds and vibration/shock, esp while they are reading/writing [the heads sit on the disk surface at no/low speeds, and ride on a molecular dimension air cushion at normal speeds]. But makers say they can take 5 or more G's, so.... Anyway, to eliminate vibration try a foam pad under a sys.
Anyone with a fluffy beard should be wearing some sorta stocking over it in a machine shop. Simply safety.

"please keep these sort of comments to the geeks lounge, where it will be more appreciated"
Knew there was a reason I hadn't been to the geeks' lounge.

Ah... but it happened even with the network disconnected from a computer. I'm looking at a common culprit, and you happened to drop the name of a good start. Symantec Endpoint. How often did you try a particular machine in a different location?
Could it be RFI?
Do these machines have wireless networking cards fitted? Because then it could be wireless hacking [of your network or individual machines].
If you find a good location does it always stay good? Simple, reorganise your office.. :)

Sleep is important.
Ok, you have to find a shlwapi.dll file to copy...
- forget finding one in your sys.
- use the free download on this page: http://dll.downloadatoz.com/shlwapi.dll-file.html -all you need do is dl it and use RC to copy it into your sys from some medium, a floppy . You will be restarting your sys so don't worry about the regsvr command.
- else, and easiest, copy it from the sys you are using now to a flashdrive or floppy... it is in system32.
Then, using RC, enter these commands:
map [this will give you the drive letter of your removable medium].
copy a:\shlwapi.dll c:\windows\system32 [for a floppy; change a: to whatever map gives you for the medium you are using].
Start your sys. Crossing fingers sometimes helps here.

I know those isos are good _ I have burnt them, still have a cd of the first. Persist with it; burn it to a re-usabel. Make sure you burn the iso disk image itself, do not open it and try to burn the contents. For example, Nero has a quickstart option for burning a disk image.
A naked XP? Gee.... I didn't get to use anything earlier than SP2, so I am not sure where XP-naked caches shlwapi.dll. No matter, it is available for download everywhere, and will be backwards compatible. Sure to be... And your sys is not caching it anywhere, because you renamed it and a replacement did not pop.
Your problem is not hardware-based, the file in question deals with software.

Whoops... dunno what I was thinking here: "then you do not have it in cache [which for SP3 is servicepackfile\i386]"
The cache will be, in this case, simply because it exists, the relevant folder in $hf_mig$. Because it is the most recent version, from a KB release.

Ah.... :) via an XP installation cd, or dl an iso from...
http://www.thecomputerparamedic.com/files/rc.iso
http://www.webtree.ca/windowsxp/tools/bootdiscs/xp_rec_con.zip
Either will create a bootable cd when you burn the iso.

If you have SP3 then the most recent version of shlwapi.dll came with KB975713, and should be sprinkled liberally, in system32, $hf_mig$, Servicepackfiles\i386.
If you renamed it, and upon doing a refresh there was not a new copy there, then you do not have it in cache [which for SP3 is servicepackfile\i386]. WFP = Windows File Protection System.
Because your sys is no longer booting you will have to use the Recovey Console to copy it in from one of those locations. A bad shlwapi.dll will pretty much shut your system down.

"I need to get all my photos of it, as some of them are really important to me as I am a photographer."
What is that old computer saying...something like: If you don't have a copy of your data, then it really isn't all that important to you...? Computers have a knack of confronting you with that "truism".
If you have free space in a partition in your internal hdd then you can shrink it [move its RHS] and then create a partition in the newly freed space. This is the pgm to do just that: Partition Wizard Home Ed. Far more convenient than UBCD. :wink
But it does seem that the partition table in the external drive is damaged... you could check that [ and repair it...] with this pgm: Testdisk
If you need help with that, just repost.
Both pgms are free.

The problem lies with shlwapi.dll. It being a protected file you could try locating it in system32, change its name to shlwapi.dll.old. Within a few seconds WFP should copy in a new file from its cache. If this does not work, go Start, and enter in the Run space:
sfc /scannow
You may need your installation cd.
[you will not be able to delete the renamed file until windows stops using it in prefeence to the new file... say, after a restart...]

Explorer.exe is not behaving correctly. When explorer starts during boot, it knows only what it needs to know. If you open My Computer then explorer.exe will only then read the disk partition table, and further read partition [or drive] information like the name, size, last access etc.. So it will show C,D etc only as drives... but when you actually select D: it should go to the disk and read the root filelist plus any directory names. If you select a D: directory, it then goes in and reads that directory's filelist plus any subdirec.... you get the picture? Explorer investigates the disk level by level as you push it, a prcess of expansion.
So when you first select D: you should hear/see disk access happening. Do you?

It often is the result of spyware, etc, ravi. Try this, too:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].

Why not check out the similar threads listed beside our post, ng? Don't set yourself back heaps by doing something as drastic as a Repair.

Test the RAM. Memtest86+. Dl the iso or USB versions, do the build [eg.. burn it] and then boot from that medium. run the test for an hour or more. One failure means bad RAM.
Just cos a shop sold it doesn't mean it is in working condition.

Gee, jerry, thanks for the accolades. And the ads, too. They are sure to come in handy. Sure to. I dunno where the world would be without ads.

You are posting on several sites. i appreciate the panic that such problems can induce, but by multiple postings you overwork the few volunteers.
Anyway... start hijackthis again, click Scan, in the window that opens place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Audio HD Driver] F:\DOCUME~1\Owner\LOCALS~1\Temp\SystemDriver.exe
O4 - HKLM\..\RunServices: [WinxDiagUpdate] WinxDiagUpdate
O4 - HKCU\..\Run: [Audio HD Driver] F:\DOCUME~1\Owner\LOCALS~1\Temp\SystemDriver.exe
O4 - HKLM\..\Policies\Explorer\Run: [Audio HD Driver] F:\DOCUME~1\Owner\LOCALS~1\Temp\m7Z10PZUMByl.exe
O4 - HKCU\..\Policies\Explorer\Run: [Audio HD Driver] F:\Documents and Settings\Owner\Application Data\SystemDriver.exe
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)

Delete these files:
F:\DOCUME~1\Owner\LOCALS~1\Temp\SystemDriver.exe
F:\DOCUME~1\Owner\LOCALS~1\Temp\m7Z10PZUMByl.exe

I have no way of telling if this is legitimate: O4 - Startup: aitagent.exe
-you should check the properties of aitagent.exe [system32] to see if it is the valid Microsoft file; if it is, all is fine.

This one, O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing): I don't know, but could suspect, that this is a Windows hack [Anti-WPA?] to bypass validation..? Remove it, or I cannot help further. It's one of the sensible rules here.
Right, try to restart in normal mode, if successful, run first MBAM as shown below, then run hijackthis again and post both the logs. …

Geez!! And you hope to do useful work like that??!! No eyeshade? A long-dead ciggie planted behind the ear will do...

Nothing has been repaired, yet. But now, with your Xp Setup cd in the drive, boot should detect it, and ask you to press any key, as I posted about earlier. Load the RC.

Aw, heck. If you get that error when trying to enter the RC then there could be a hardware problem. The RC has to be able to actually see your Windows installation so it can start; if it cannot find it then then there is nothing it can do with it, so it won't run. It looks like your hdd cannot be read. You could power down and ensure the hdd cable connections are soundly seated, but that's about it.
As another check, if you use the installation cd to enter Windows Setup, does Setup find your drive and partitions? You can exit at that point.
[ When you see the Welcome to Setup press the Enter key; R would take you to the RC].
If you do get into the RC and can run chkdsk /p and it does not help, then try:
chkdsk /r
And then, if needed:
fixboot

Did you actually get that error msg "UNMOUNTABLE_BOOT_VOLUME" when you attempted to enter the RC? Or did you select Windows Repair? [don't].
And no, if in BIOS you do not want the Boot Configuration screen, you want the Boot Screen. You can change the boot order in there if you so wish, elevating the cd drive above your hdd.
When you do finally enter the Recovery Console, running chkdsk /p should cure the "UNMOUNTABLE_BOOT_VOLUME" error.

I would not do a Winodow's Repair just yet.. it blows your setup back into the stone ages.. to when you first installed XP [cos NO-ONE EVER updates their system files...].
Yes, you can modify the boot order in BIOS, but I don't do that just to boot from a cd.
Perhaps you use the Esc key on that sys to gain the Boot Selection Menu?