Posts by gerbil

Thanks, nil. It's tough ivestigating in-house or company software... that which is private is open to question merely because it is not known. thanks for sorting those details.
12 -14 days? something you did eradicated it - be happy with that.
Cheers.

I knew there was a reason I wouldn't get credit for fixing that problem. The case?? I know about emi, but.... sometimes, when doing test installations I will just build a system on the benchtop, no case involved.
You did check the PSU earlier?
Anyway, this time I'm gunna throw for the lamp. [By that I mean that I already exhausted all my thoughts on the failure..]

Combofix has removed your KIXTart script tool.
Did you intend for your wallpaper [background] to be set as "wallpaper"="c:\winnt\system32\kix32.exe in [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ?

c:\winnt\system32\mscc.dll =could you check the properties of this please? You might submit it for scanning...
==Please go to this web page http://virusscan.jotti.org/, click browse and submit this file for examination [use the Choose button to browse to the file]:
-post the result, please.
The folder 1E appears as if it masquerades as IE; what is this program?
c:\program files\1E
c:\documents and settings\All Users\Application Data\1E
These next I suspect; do you know the 3 .exes? If not, delete them.
2010-07-19 15:09 . 2010-07-19 15:09 24576 ----a-r- c:\documents and settings\1164623\Application Data\Microsoft\Installer\{AF18DDC5-1CF6-C5DD-3FF6-1E687DC0BBE1}\Icon047153950CF67C54.EXE
2010-07-19 15:08 . 2010-07-19 15:08 28672 ----a-r- c:\documents and settings\1164623\Application Data\Microsoft\Installer\{6F310ED0-4A2C-CBA3-05E3-E5AD46044D94}\Icon35FC33EA5BDF78E5.EXE
2010-07-19 14:38 . 2010-07-19 14:38 32768 ----a-r- c:\documents and settings\1164623\Application Data\Microsoft\Installer\{2735EFD5-9C2F-C76F-39BB-EC65638C80FB}\Icon4F911834D8D8730B.EXE

Check your PSU voltages... some may be too high.

Whopper, i've not seen that before in Safe Mode. Coupled with your earlier post i am going to edge my way out on a limb here and say that those files are corupt. A couple of things to try are:
- load into a Recovery Console and try to run chkdsk /r
Chances are , though, that the RC won't recognise your OS....
-next is to trust that the hdd is not totally wrecked and load another XP OS into a fresh [Primary] partition [or into a data primary partition that you can waste], then because it will have files for the identical hardware, copy the files from that list into the old Windows. How to make a new partition? Download Partition Wizard bootable iso: http://www.partitionwizard.com/download.html
With that cd version of PW [identical in operation and features to the Windows version you can resize an existing partition if it has enough free space to create Unallocated space, then create a new primary partition in that space. You need about 2GB...it is quite simple to do.
eg. you may be able to shrink your C: and create a D: behind it. Load a fresh Windows into that.
Good luck. I would be doubtful about keeping that drive, though, because of the DST msg. Copy off.

Tolja. You just didn't believe me.

Assuming that you have a system32\dllcache [you have to unhide protected opsys files to see it..]...oh.. instead check for it by doing this: search for win32k.sys using the search tool. If win32k.sys shows in system32 AND in system32\dllcache [plus other places] then go into system32 and rename win32k.sys to win32k.sys.old. Refresh explorer [View tab > Refresh], check that a new win32k.sys file has popped. If it has you may safely delete win32k.sys.old after a restart [windows is still using it until then].
Still fails with a BSOD? Two things, then... your replacement file is bad [unlikely] or you RAM is bad -PAGE_FAULT_IN_NONPAGED_AREA .Non-paged stuff is data that is not to be ever moved to the page file. So you check RAM with memtest86+. Gurgle that, at the host site you will see options for creating a bootable cd, floppy or USB flashdrive. Do it, boot with it, run it for an hour or more. ONE error is bad RAM.

Nah... it's hard to lick off all the butter.. leaves a smear which can upset the laser. And everyone expects you to lick at a raspberry n banana tart filling.

Programs which are dependent on IE8?? It's a browser. Rollback to IE7. Here is how: http://support.microsoft.com/kb/957700/en-us
Note well the point re SP3.

So USB ports are blocked for non-admins... what about cd drive? You got one that can just read? Then Sumatra portable will do the job, perhaps. It does not install, is stand-alone. You would dl it at home, install to a cd, hide the cd inside a raspberry and banana tart, at the office just drop the cd into your work box and dclick the executable. Drag your pdf into it. Or browse to it.

Or , to cut things short, you could use the Recovery Console in system32\config to rename system to system.bad, and then rename system.bak to system. And try booting.
system.bak may be system.sav.

On screen, nothing much does happen, but config.txt is then on C: drive root. Here is a little batch file, does pretty much the same thing:
Copy the text in the box to a notepad [format/wordwrap unchecked] and save as showme.bat to your desktop; dclick it to run, then post the file config.txt

dir %systemroot%\system32\config > C:\config.txt
start c:\config.txt
pause

If you cannot get that to work then just run this in cmd: dir %systemroot%\system32\config
..and write out this info; post it here: I would like to see the creation/modified dates of these files. Most likely they are the same for all, so just give them once and say.
SAM
SAM.BAK
security
security.bak
software
software.bak
system
system.bak
default
default.bak

The case!! Ohmygod... the case.
Check in BIOS to see if it is identifying the processor type correctly, and so assigning the correct hal.
I know you've checked there is no sag in the voltages.

To my ears, Baby, children just don't have musical voices... too immature. Okay, an exception is boy sopranos, the ones the priests... umm.. mould.
Beiber.... he's done well, and all good luck to him, but for me.. this of yours is key : he's hard to find, take my word.
Phew. I could guess that he's likely to remain one of those youthtube phenomenons.
Cheers.

"i dont really understand what u mean by post config.txt
i can manage to type dir %systemroot%\system32\config in CMD
and i see a list after that...but what do i do next?"
That's not quite what I expected... you should have typed the full line to create file, C:\config.txt:
dir %systemroot%\system32\config > C:\config.txt
You could have then just posted that file via Advanced Editor below.
But the way you did it, you can in a cmd window rclick in the top border, go Edit, Select all, then again but Copy. And paste into notepad.
I wanted the info to see if you had a set of hive backups in the config folder, eg SAM.BAK, security.bak etc for all 5 hives, and if they were of useful dates... ie, not too old but before you did the "tuneup".
So.... check that your sys is now as you expect it to be.... I'd reverse ALL the changes that TU made. And toss it. Look, I just plain do NOT believe in registry cleaners, optimisers etc unless you EXAMINE each and every entry they propose deleting, and KNOW what they represent. But they remove so LITTLE in the way of nuisance/extraneous/useless entries that they are a waste of time. Your reg hives are huge, the cleaners boast of removing what seems like a lot, but is mainly stuff that would be cycled out normally, anyway.
System optimisation? Yes.. there are settings you can change to …

So what is common to your setups that fail [excluding the hdds n RAM]? What are the mbs? Are you using a video card, or using different or same for each setup? Have you tried another cd?

Well, that is a start.... it is certainly part of explorer that is working. But there are some grave registry problems. Okay. Lets check for system file problems first. Into TM > Run again, and enter this:
sfc /scannow
-you will need your installation cd.
Then [or you can do this first], run this in TM:
%systemroot%\system32\cmd.exe ... or just cmd will do in TM. In the cmd window enter:
dir %systemroot%\system32\config > C:\config.txt ...post that file, config.txt.
And then do this in cmd window:
You can then use dir, cd etc to find the exe in Program Files\Tuneup Utilities, and start that program from cmd. The cmd you should use would be something like:
c:\Program Files\Tuneup Utilities 2009\tuneup.exe -you will have to track down the exact path with dir.
If the pgm starts, there is an Undo or Recover button at top right. Use it for a total reversion of all actions you took.

Perhaps it wants to load the LaCie drivers?

memtest85+. Gurgle it; from the prime site there are cd [.iso], USB flashdrive and floppy options, all bootable installers. Load it to a medium, boot with it, let it run as long as you can bear... an hour is a good start. Just ONE error is a total failure of that stick.
Because you are already having a lot of fun, you could try pulling the drive at that stage and modifying boot.ini by adding /pcilock to the top OS choice line [not the default entry]. See that the drive and partition numbers are correct.
/pcilock forces the OS to accept all hardware interrupt info from BIOS and not to build that configuration table itself.
You do realise that I am guessing here on that last bit.... you do have a hardware problem somewhere, your problem appears when Setup is interrogating all hardware devices. Oh, and give it time before quitting.. 10, 15 mins, maybe..? It is a newborn baby that is feeling its way.

I will try - I am not familiar with Intel BIOS. But somewhere in the BIOS will be a page of settings for hardware, perhaps the chipset page. And there should be a SATA Configuration entry.... set that to IDE mode.
When you do that your mb will interface with the drive so as to present it to the OS as if it was a PATA [IDE], and your OS will then not require software drivers to handle it [iastor.sys?].
Something else... that mb will not handle high speed SATA II [3GB/s]- you must ensure that the rear jumper is in position to ensure compatability at the slower SATA I speed [1.5GB/s]. I don't know what Sata drive you have.... perhaps there is a jumper, perhaps not, but I think you need one if your drive is SATA II... you check that detail.

People have no idea how useful a pen n paper can be, it would seem. Crikey a pc pw is not guarding Fort Knox. Only your lil brother would want to get in.
Err.. there is still gold in Fort Knox, I take it...?
Anyway, I hope you have not tapped someone on the head with a lump of bollywood and stolen his computer.... this works well, and is straightforward enough: cd080802.zip.
Gurgle it.

In BIOS, configure your SATA to IDE emulation. Some mbs just don't appreciate a mix of SATA and PATA drives, may not even recognise an added SATA drive when configured as SATA.

How old are the mbs? Would it help, perhaps, to update their BIOS code [flash]? It would appear that it is a hardware problem. Do forced restarts freeze also? Unplug everything you don't need for installation... USB, firewire, modem, simplify your graphics [ie. if it has onboard graphics don't use a graphics card]. Do a RAM test with memtest86+.
You don't need Windows to flash BIOS, well, not on my systems [although it is an option]. Just dl an update to a floppy or whatever your sys and BIOS will handle.

Ah, a proprietary trap. If you have many such files, you need Nero. If you only wish to use a few at a time, just rclick each and extract to somewhere with WINRAR, or similar. Bulk extraction of a group of files with WINRAR may not extract all files, but may be worth a try. WINRAR is no longer free. Nero uses a compression algoritm [if you left it set so], hence the need for a decompressor like WINRAR. I have not bothered checking exactly which algorithm is used... there are likely free decompressors available which will handle the job. Like 7zip, which I found very good as a general pgm to keep for such zipping/unzipping, but in the end chose WINRAR because it is slightly more comprehensive.
Okay.. I just created some Nero backups, test installed 7zip, and applied it to extracting first one file, then a batch of files, and it succeeded on both counts beautifully. Get 7zip.
The yards I went for you.:)

:).
And I'm not sure why you posted the version history and explanatory notes instead of a hijackthis log.

And if you enter explorer in TM, do you get it to start... ie see the taskbar etc?

Call of Duty game? Rabia is middle-eastern name.
Anyway, from Winternals get Process Monitor. Start it, set it to boot log via Options, then restart your sys after deleting that key. Open PM and stop the logging, then search for that key and see what created it.

Oh, and in case Ctrl-alt-del does not work on your sys to start TM, Ctrl-shift-esc always will.
Ah, fine... with msconfig open try what Caper suggested above.
Also from that msg it is possible that System Restore is turned off. Run: services.msc and scroll to System Restore. Right click and check "properties". By the way, if you enable it, it is only necessary on the OS partition. But I'm afraid if it is off then you will not have restore points.
Can you start that tuneup pgm via New task?:
%programfiles%\"tuneup utilities 2009"\tuneup.exe ... or whatever the path is.. I'm just guessing here. But if you can, there is an Undo option.
Another one: %systemroot%\system32\cmd.exe ... or just cmd in TM. You can use dir, cd etc in cmd window to track down that exe, and start it from there. Perhaps it will run with the damage you have...

Ah, then you don't have explorer.exe. :)
You can start a browser [perhaps] from Task Mgr > File, and run other commands from there. eg, enter msconfig ... And if TM is working like that, then you can access System Restore [if that will help] by pasting into TM ..
%systemroot%\system32\restore\rstrui.exe
And IE: %programfiles%\internet explorer\iexplore.exe
Got a browser? Use it like explorer, but you must enter the full path to whatever command you wish to run.....egs:
%systemroot%\system32\msconfig.exe
C:\windows\system32\msconfig.exe

Get memtest86+, load it onto a floopy or USB flashdrive.. boot your sys with it. If RAM passes that, then remove all extraneous hardware, even all hdds, and see what error message you get about loading an OS, if it gets that far.

It devastates me that such a thing as a Beiber has happened.
You have one of the rolls-royce AV suites there... gotta trust it a little bit. Stay outta the trashy sites... boxing, gambling, sex... that sorta thing.:) Even mouse-overs can do you in, so it is getting easier to get hit.

Just follow those instructions. Or if you have, just give me the value of autorun... it should be 1 or 0.eg:
autorun REG_DWORD 0x1
is a value of 1.
OR: autorun REG_DWORD 0x0
is a value of 0.

Use the Windows button, then press r
Next, enter msconfig

Lady, if after you insert the cd you then press the F5 key does it accept the cd?
Could you please do this:
==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as showkey.bat to your desktop; dclick it to run, then post the file showkey.txt

reg query HKLM\SYSTEM\CurrentControlSet\Services\Cdrom /v autorun >showkey.txt
start showkey.txt

Or perhaps i focused too much on your mention of an AV. Do you mean some utility that runs, say, in kernel mode before winlogon runs? Then I really am not sure... boot mode does me. [XP doesn't look at autoexec or config.sys].

I'm sorry, but I am not quite sure what you are asking....may i point out that there are several offline or boot-time antivirus scanners available? Boot scan, offline scan? Avast in their installable AV product have a setting which allows you to scan your system before Windows actually starts; Avira and Bitdefender have bootable cd products which perform an offline AV scan [again without Windows being started]. They are updated with new definitions continually/daily.
http://www.techmixer.com/bitdefender-rescue-cd-with-auto-update-virus-definition-features/
http://www.avira.com/en/support/support_downloads.html :: the Rescue System download.
-with both these tools you burn a cd from the iso. The Avira version is already fully updated when you get it, Bitdefender's will automatically update when started if a net connection is available.

Were you able to use these two game disks before, Lady? Are they cds or dvds? To check that the disks and your drive are both in good condition and compatible first exit your game, then insert one of the problem disks, open Explorer [My Computer] and check if you can see files on it. Check the other disk. Tell us if you can see files, please.

Go ahead and click Yes to display them. You will be quite safe as long as you do not actually delete any of them.
However, I just checked, and both these files are protected by Windows File Protection System, so if they existed in dllcache then they would be automatically replaced into system32 if the corresponding files in there were corrupted or deleted, renamed.

Not wishing to be mean, but if you had any chance of writing a boot-time AV scanner you would not be posting such a question here. Leave it to Avast. The wheel has been invented... use your time doing something else.

You must have a dllcache in system32; to see it you must go Explorer [My Comp] > Tools tab, Folder options > View tab, and uncheck Hide Protected Opsys files, Apply n OK.
And when finished you might like to hide them again. Safer.
The file you are looking for is autochk.exe, quite different to chkdsk.exe, although in the end they both perform the same checks but via different means. You should have both, both in system32 and in system32\dllcache.
You have SP3: if you downloaded this then there will be a copy of autochk.exe in ServicePackFiles\i386.
autochk.exe runs at startup if so ordered, chkdsk.exe runs when Windows is online.
Your hijackthis log is clean.

So I had a look, but the process of changing taskbar colour is too involved for me:
svchost.exe > rundll32.exe uxtheme.dll, Resources\\luna.msstyles... and so on. I don't know what is triggering your change, but it is more than just the colour that is invovled.
Your SpywareDoctor and AVG9 haven't trapped any malware so might I suggest a rootkit scan?
Firstly..
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have FireFox open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
Run CCleaner in any other Accounts.
[To customize file cleaning select the options you wish to use via the Windows and Applications tabs ..]
Then...
Download this: http://www.gmer.net/download.php - the .exe will have some obscure name.
Close all applications. Start it by dclick; if you do NOT get a warning at startup about rootkit activity, press Scan.
When the scan completes, press Copy, and paste to notepad. Attach to your reply post [Advanced reply].

Nothing shows as bad in that log, Wdawg. But please uninstall completely the SpyDoctor service and AVG9, then reinstall AVG9 only.
I have to add... do you have any theme changer software? The taskbar colour comes from shellstyle.dll in Windows\Resources folder, but i don't know when that is used/read, or by what... must be something at startup, or logon, anyway, by a user. Anyway, something is interfering with its use.... and because you have TWO AV services running, it could be that. [your SD has an AV service in it].

Nothing shows as bad in that log, Wdawg. But please uninstall completely the SpyDoctor service and AVG9, then reinstall AVG9 only.

Gee, Baby.. nice... so AVG were not up to date on that one.. Roadkill virus. Interesting.
So you are going with Kaspersky? Looks like AVG did not uninstall entirely, so use hijackthis to remove these entries.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\downloader\guard.exe
Now to remove that service..
==Go Start, run, type services.msc -and press Enter. Maximise the window and at foot select Extended tab, scroll to the specific service, rclick it, select properties. Write down the exact Service Name. Press Stop if it is highlighted [you may have to set the service Startup type to Disable first]. Close Services, now type this line into the run text box and press Enter:
sc delete "exact Service Name" - don't be silly now....
Good luck out there.

Because you have a connection atm, could you do this, please? I am beginning to suspect malware because of the task bar colour change. Those two colours are std scheme colours, but something is causing the switch.
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe
-CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
And yes, to see the ipconfig report when green would be handy.

Lady, I must assume that because you have installed the game it is a Play or cinematics disc that you are having trouble with? .
Anyway, try this: open My Computer and rclick on your cd/dvd drive [you don't need a disc in it]. In Properties, select the Autoplay tab. Then choose Mixed content in the menu, press Select an action to perform, highlight Take no action.... and Apply.
That should stop Explorer opening the cd and finding the Autoplay file which starts Installshield, rather the cd drive will wait until your game program calls it.

It is appearing to be external to your setup... easy way to check is to try someone else's account from your home. Ask them to let you use their account for a test... they can change their password afterward. Not sure if that would work with cable, though.
[those reg entries remaining to be fixed weren't bad ones...; I am surprised that MBAM missed one websearch entry. It is good on those, which is why I didn't bother to list them earlier].

It does make the job easy. Note that it, like most such tools, does its job as a queue on a restart of the sys, so naturally enough they provide a bootable version which has the same capabilities and GUI. Nice.

UK being a land of audiophiles, I imagine so. I was thinking of a scart audio out adapter... without any dedicated audio sockets you will require an amplifier, whatever plugout configuration you source the audio from.

Partition Wizard. Easy as. Free. You can fit to disk or resize partitions on the fly.