Posts by gerbil

hmmm... what, no install option? Cos if you go down the install road to do a fresh install windows will detect your old installation and ask if you would like to repair it...

hal.dll appears to be dynamically generated for each computer from a template file on the xp CD [ on the cd in i386 hal.dll is only 52KB, but once it gets onto my machine it is 104KB under the drivercache folder]...
In that generation and installation process it may corrupt, and you cannot just do a copy job. Here is a method which appears to get a new hal.dll installed on the pc.... Try it and let us know how it goes. Read down to don ho #1034.
http://www.dll-files.com/dllindex/dll-files.shtml?hal

pulled by poster.

Jumping straight into msconfig and selecting normal startup does not work? Or does it not give you the chance? Then you will have to either boot from your install CD, or download a floppy boot disc. And from there run chkdsk /F /R.
Cos SPTD fools around with kernel files? i think then you have a good reason to run sfc /scannow to repair anything that may be amiss with system files.
Also stop that auto restart if it is happening by typing sysdm.cpl and under the advance tab, startup settings, uncheck the auto restart box so you can get some error messages.

..and just what is your friend going to do after 30? days tick by with no activation? [and he will be bothered by M$ every one of those 30 days...] Cos if you put in your numbers, well, someone is going to lose out. You.

Some settings that you apply when using msconfig conveniently delete system restore files. So neat. A couple are :-
Diagnostic startup, and
Selective startup - if you clear the Load system services box.
It's just a pity that that little thing is not mentioned in the Help file....
Now. Did SPTD deleter work? Search for SPTD files in Windows/system32/drivers.... a couple o files could be there under SPTD. There is a regkey also - once you delete the files you will be able to read and delete this cfg subkey. Delete them and then try to reinstall DT 4.03.
And via rclick on start button, and also rclick on desktop blank space and using defaults, cannot you rebuild your desktop?
As for what you just put up... i'm out. Sorry.

nope, i know nothing about that pg. had a squizz at the website and.... well, to be honest that sort of pgm scares me.... what control do you have over all those fixes and tuneups and optimizers and cleaners and defraggers? memory defrag??? Skip registry cleaning and optimizing... your registry is prob 25 - 30MB, scraping out a couple of lost or orphaned entries won't speed up things measurably. If anything is truly malicious in there but points to a genuine "bad" file then no cleaner will pick the entry up as bad, because simply put, the entry is doing its job. Cleaning the registry is akin to snipping a couple of blades of grass from your lawn. Sure, like every file it can get fragmented a bit... A lot of popular tweaks are dodgy, like clearing out your prefetch file [ doing that is guaranteed to slow down your puter until it eventually recreates all those entries that it uses]. And ur firewall has a popup blocker as part of it, and remove spyware? from a cd? you need regular updates for that. But as i pointed out, i know nothing about that pgm. Up to you. did it cause a problem for you? then think it thru.
And get Spywareblaster and CCleaner - configure the latter to do what you want as you want it... . Cheers, glad i got SysRes going for you....

ah... since you're online.. another little thing and it's> ... WHOA!! did you really mean desktop.exe? no spelling error in a previous post, no 9?

I'm going to bet that you do not have a rclick context menu option to open command prompt for files and folders .... am i correct? And it's such a useful thing to have, as you are probably thinking right now, cos from the command prompt window you can do almost everything, including run System Restore.... heh heh....
So we better get you one....
Open an explorer window from my docs icon, whatever... got to tools > folder options > file types. Scroll down and select (NONE) /folder. Press Advanced, press New, and in the Action block type Command Prompt, in the App box type cmd.exe
OK and Apply your way out.
Now rclick a docs type folder eg My Docs, and Presto!! in the context menu you should see Command Prompt as a menu item. Now this is a cool thing...... note that the window opens in the folder/file that you rclicked..... this thing is so cool that you should KEEP IT.
Okay. Now in that Command Prompt window type this command and enter it...
%systemroot%\system32\restore\rstrui.exe
See? Told you this was a cool thing.

Groan.... is that a new problem?, one that surfaced since we forced the creation of a new desktop.htt file? If so, by any chance do you know at which stage? I'm sure it would not be due to this though.... If it is, try system restore and then work through again to pinpoint its first occurrence. For your peace of mind you could try resetting that dword from the key above to what it was [0x110], but that should not fix anything.
I have no solution yet, but i suspect an old contextmenuhandler file left over from from IE6 ....
[when you rclick on a file you open a context menu shell extension; the handlers add the various command files that you normally see - eg undo, copy, paste, select, various other contextual commands like scan..]

.

Sometimes you just get file corruptions sneaking in.... I actually have no idea what the root cause of your problem is, but if it was on my machine i would as a first and simple step check my dll's were all fine. So grab your XP install cd and run system file checker:-
Go Start > run, type sfc /scannow [note that space after sfc !!]
Either load the cd when it requests it, or before you enter the command. Sit there and be prepared to press the Enter key a few? times while it runs.

strange that it froze, oded.... you would have seen that there was an instance of desktop.htt for each user; deleting them should not have caused a problem. The particular .htt file for a user would be recreated when that user made a change to his desktop subsequently, say changing the colour, or the picture. But if your system is working fine already then the desktop file will still be rebuilt when you make any change.

Wow!! you were hot on the job, Oded!! Glad it worked... however i edited that post to provide what i consider to be a better fix, a true one, involving deleting any old desktop.htt files and letting windows create a new one.. The edited post has a fix which is a proper fix, not a hash job to tide you over. Explorer would rebuild a compatible desktop.htt file. Cheers..

desktop.htt pretty much controls the size and position of your desktop and the wallpaper you have on it, plus it includes a little activeX control to allow you to reshape it..... IE7 is a little bit incompatible with the old profile you may have had already.
Since this file is automatically generated by windows, the best fix is to delete the old one[s] and let windows create a new one. To do this open an explorer window and go to tools > folder options > view, and uncheck hide protected opsys files. Apply and ok. Then do a search in your sys drive [usually c: ] for desktop.htt. It will be in Docs and Settings\User\Application Data\Microsoft\Internet Explorer.
Delete them [it, whatever...]. Close the explorer window, rclick your desktop and click Refresh, and then go back and RECHECK that box. you really don't want those special files exposed all the time!!

are you using IE7 ?

interesting. why not google 360share... some interesting comments out there regarding it's being a rebadged old version of limewire. the latter is free. i use limewire on occasion, but more commonly emule. No firewall problems with either, for the windows version or zone alarm.

haha...!! david, you're too cool! of course!! on a junk email.. i wonder why they did it? ok, i wonder why they send junk emails too!!! thank you.

but read this site first!!!
http://www.lockergnome.com/nexus/it/2004/12/15/get-it-done-recover-a-damaged-windows-xp-user-profile/
..it may help with instructions for normal recovery. you have not lost the pictures, it's just that the profile which displays them is inactive.

sarah, here is a lil file, REST2514.exe, which may help. don't use your normal pc on the net until you recover your lost files.... this file has the advantage of being downloadable onto a floppy, can be unzipped to the same floppy, and run from the floppy - no installation is necessary. And put sys restore back ON. you only need to clear old entries if you get infected in a certain way.... and sys restore can make avilable old files occasionally.
http://www.snapfiles.com/get/restoration.html
[it's called restoration in this page..]

My turn to pose a question. I just received a weird, unsolicited email. If you try to copy n paste it, u get underlying text appearing with the normally visible text... it only appears when you lclick and drag. A sample of a capture [top text only..]:_

"Market Makers and Investors should be on high alert starting NOW.
Your immediate attention to SGGP could pay off
First day company profile Nov. 24 2006 up 27.27%
The Next Home Run, Presents Sierra Gold Corporation. OTG:SGGP.EK
Current price, 14 cents"

...and the same screen area done with a normal copynpaste job..:-

"Market Makers and lnvestors should be on high alert starting N0W. It may have been because he was just then cut off from all his fellow-creatures and even from the world itself; it may have been because he was satiated with marvels and with the almost absolute control over the powers which the Demon had conferred upon him; or it may have been because he was born and reared a hearty, healthy American boy, with a disposition to battle openly with the world and take his chances equally with his fellows, rather than be placed in such an exclusive position that no one could hope successfully to oppose him.
Your immediate attention to SGCP could pay off Perhaps he himself did not know what gave him this horrible attack of the blues, but the truth is he took out his handkerchief and cried …

do it again, and this time note the beep codes, both number and length. then go to the site of your BIOS maker and see what they mean. [Google beep codes and bios maker for the info...] . Beep codes are basic signals your BIOS puts out when not much else will work.

chopper... sometimes i assume too much, like if you are wishing to edit the registry, even by simply importing a key, that you know what you are about. A .reg file has a very specific structure; the text heading Windows Registry Editor Version 5.00 is an identifier for regedit32 - it tells the editor that what follows is a registry command [or series of em..], the entry itself must have a very specific structure detailing the command action to take, plus the path from the hive right down to the key, the name(s) and data value(s). It also has to be in a plain text and font. Your post had none of that. I have no problem with your copying software keys, but there is a real problem with that "file". You don't have to use the command export, but it saves a lot of typing.
Btw, the easiest way to test if your puter will let you use the reistry editor is to go start > run, type regedit, and press enter. If you see the registry open on screen, you have full access. May I suggest you google some training?

XP? it would have it... the files are regedit32.exe [the GUI version] and reg.exe [command line version]. Both would be installed, but there is a key which can block it.... HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System : DisableRegistryTools should be set to 0 to enable regedit... but the trick is to actually do that..... and i am not at all sure i should post the method because someone has deliberately locked down regedit on that machine...

crikey, i don't know what font that is. as an example of a .reg file for adding/modifying a key in XP here is one i exported at random:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\runas.exe]
"0"=hex:00,00,28,0a,01,00,05,00
"1"=hex:2b,28,50,b5,9b,29,fb,55,bf,1c,ac,64,b5,bd,5a,b7

- to add a key to XP you must have Windows Registry Editor Version 5.00 as the top line i the .reg file [or you can use reg add], then a single line space, then the key.... which should be in a plain text?

yeah, i was being VERY hopeful.... i also searched registry, but i simply refuse to do a a search for "run". I cannot find any shortcut/ target for it, so i can only suggest that you run system file checker ; start > run [ok, i'm teasing now], type sfc /scannow, cos it could be shell32.dll letting you down. Or another one.... :)

ok, i'm going to say something really stupid-sounding..... it seems like the "run" shortcut in the start area is broken. So try removing it [go start, rclick the blue header or tail, > properties, start menu, customise, advanced, and uncheck run command. Reboot, and recheck that box. Please don't be too hard on me if this fails, or is just laughable....

would you mind terribly putting up the file so we can check that it is the correct format? just rclick on your particular .reg file, select open with notepad, and paste it here... and add your opsys version info.

that's clean. good. i am going bushwalking now for a couple days.... be in touch monday.. Sorry.

wolffie, from that site it was supposed to be:- C:\fix_reg.cmd
You gotta get those file names EXACTLY right!!! Copy/paste works.

sjb, pls move hijackthis to a new folder, D:\HiackThis [reason being is that it makes automatic backups, and on your desktop is the best place to lose them, or not get them at all], make a new log and post it in a new thread.

Cool, we're done then? Glad it worked out. Cheers!

i see no proxy in your log. but open your hosts file:- From control panel , go folder options, view and select "show hidden files and folder". Then navigate to C:\Windows\system32\drivers\etc. Open a new notepad and with left mouse button drag hosts into the notepad window [no file moving, mind!!]. All you should see is comment behind # leaders, incl a couple of examples, and at the bottom one entry:-
127.0.0.1 localhost

If you see other entries, please copy them from notepad and post here.

ideas? not me, no.. sorry.... does sound as if it's not the driver's fault, but the card's. Temperature? is the fan clean? Post that issue in the hardware forum for more focussed help. They may help on the boot issue also if changing the boot order as i suggested does not work....

hello kaye, this should not be difficult. Did you run CCleaner before you did the Panda scan? Because it would have cleaned your cookie folder...
Anyway, if you have since reset this then go to control panel, folder options, view tab and select "show hidden files and folders".
Navigate to C:\windows\ss3unstl.exe and delete this file.
Open CCleaner and click the cleaner [top] icon. With Windows tab selected, uncheck Internet Explorer, then check both Temp Inet Files and Cookies.
Uncheck Windows Explorer, uncheck System, then check Empty Recycle bin.
Uncheck Advanced. Press Run Cleaner and OK.
[that is a good way to leave Ccleaner for general, occasional cleaning..]
Now go to Issues icon and uncheck Registry Integrity, then check Applications and Application Paths.
Uncheck File Integrity. Press Scan for Issues and then Fix Issues if it finds any.
Did you already fix those 3 HT log entries i mentioned? You must.
Finally, for safety's sake, please go to control panel, folder options, view tab and recheck "hide protected opsys files".
You may like to make a new restore point also.
Fine, let us know how you get on, and if there are any further problems.

just briefly, log's clean...and that .cmd thing... Go Start > run, type cmd.
Then cd c:\
dir c:\ /p [there is a space betw \ and /
You should see your two files there in the listing, both the .cmd and the .txt...
What msg does the SP2 installer give when it fails?

Sorry for the delay, but sleeping must be done.
kaye, run HT again and then check those three entries i posted above and fix them.
I would like you to download CCleaner from http://www.ccleaner.com/ and put it in a new folder. You should aim to keep this one for general use. I set it using the install checkboxes to only open from the recycle bin. It's just a neater thing.
Run it by dclicking recycle bin icon and clicking on CCleaner.
[Investigate its options and settings... then perhaps keep it with altered settings for general cleanup work, to empty temp files, the recycle bin, clearing cookies, histories... you choose.]
Finally try this scan online:- http://www.pandasoftware.com/products/activescan? Give them some details, and follow the scan buttons. If it finds anything then post the log here.
Btw, get Adaware SE Personal from http://www.lavasoft.de/software/adaware/
- install it. Update it. Explore what settings you can change in it [via the cogwheel icon up top, if you are comfortable with that... you won't hurt anything]. Put an icon on your desktop for regular use. It's a very competent scan that you can run every 2 weeks or so, or whenever you suspect foul play.
Cheers.

Do you recognise these three entries?

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B05B66B-D653-469F-A3A8-467C148C0BC2}: NameServer = 205.188.146.145

basically i am asking what is this file:- C:\APPS\IE\offline\uk.htm
and do you know this IP :- 205.188.146.145 -is it anything to do with your office network?

klaura, i just looked down the list and saw an earlier post by you - am examining that log now.

it was a long shot. ok, go to this link, download the file into its own folder [ i suggest a folder in C: alongside program files]. Be in an administrator login, close everything, all applications etc and open the folder, dclick hijackthis.exe, close the explorer window and then click the "scan and save a logfile" button.
When it finishes a notepad with the log results will open; post it here.

http://216.180.233.162/~merijn/files/HijackThis.exe

just guessing here... restart your puter, when in windows the countdown will start, so go Start > run, and type
shutdown -a
Then control panel, folder options, view tab and select "show hidden files and folders"; uncheck "hide protected opsys files".
Right. now go into C:\windows\system32\drivers and see if you have a file sysbus32.sys - here i am guessing...
post back the answer.....

C:\.. or the root of the drive where windows is installed..

try it.. they should work after a restart.
i see nothing abnormal in that log, wolffie. I just do not know why SP2 will not install.
Meanwhile, go here http://www.f-secure.com/blacklight/ and download the blacklight trial, follow through the pages, accept the agreement, accept the certificate, and then download the GUI version [the top one]. Then run the scan by dclicking the blbeta.exe, accept, and scan.
Follow up with Adaware... and if that is clean i just don't see what else is there. If HT can produce a proper log now you could post one [run it in normal mode].

SP2 installation. try removing the SP1 files via control panel, then go Start, Run, type: -
regsvr32 licdll.dll
Click OK, then OK again.
Reboot and retry the service pack install.

ok, you have a driver problem. which one, i do not know/cannot tell from here. System process, PID 4, is showing an excessive amount of CPU time used - 33 mins in under 8 hours of puter time. [mine's been on nearly 4 hours n PID 4 has used 7 secs only [if i was listening to music all that time it may amount to a couple of minutes]. System Process works in kernal memory; it manages many driver functions. Problem is not due to any applications. i'll get back to you on more of a workout.

You can skip SP1 and just install SP2... all the tweaks and upgrades n fixes of 1 are incorporated into SP2. so just go to the link for single computer upgrade to SP2.. but really you do not need to search for it, just turn on automatic updates in your security centre [at least to the check and inform level], and/or go to this link : http://windowsupdate.microsoft.com/
Sp2 will be offered [amongst swags of other stuff] automatically cos u do not have it.

- you don't say exactly what updates you have, but you can leave them or uninstall them... sp2 will outdate them anyway.

dortz, thank you very much for providing that link - it led on via a whole tree of links to some fascinating and useful reading. Brilliant.

i always thought the idea of windows file protection system was that it would do that automatically if it could. but then without hal what can it do?.:)... stuff breaks. i am still learning.

cool. thanks for the reply, dkrockon. but which bit? a bad startup entry or chkdsk?

ignore the cookies that panda turned up... you can clean those out before/after with CCLeaner, anyway. Further, if they have had a chance to dl from the net trojans may well have new files in the windows temp folder. Google the other bad stuf and find removal methods.
Those worms. Welchia exploits bad M$ code, it even deliberately downloads some from M$; you have no protection until you get SP2 in. And kaspersky online is the same scan as the trial, but the trial could run faster cos it's all inside your pc.
If spybot gets frozen you still have problems in there, and it must be protected by rootkits or something because there are no traces of it in your HT scans. Meantime go here and download Winpfind and post the log.
http://www.bleepingcomputer.com/files/winpfind.php

hal. i think M$ tried hard to come up with that name for this all-controlling ruler of your puter [2001: a space oddy..]. HAL is the software inteface between XP etc opsys and other applications, and the hardware. If hal is broken not much will run. You can get a copy into your PC via Recovery console and command.com; or by taking the drive out and making it a slave in another pc and copying a clean file in.
Where to get hal.dll? from the good pc [it WILL have it], from a net library[google hal.dll]. The working copy of hal.dll resides in \WINDOWS\system32. A spare copy is always cached in \WINDOWS\driver cache\i386\sp2.cab [you must extract it from this folder]. There are different hals out there, for multithreading, ACPI etc. so get the latest with most bells n whistles if you cannot read the file size from your corrrupted file to find a match.
To see that path you must go to folder options and uncheck " hide protected opsys files". So with that drive hooked up as a slave, go to the windows folder, unzip the sp2.cab to a scratch folder and copy the hal.dll that will be in there. Do not use the working copy in system32. Paste it into the slave drive into system32.
A copy of it is hidden in all OEM cd's also.[i386 folder]. it's only 104KB so it will fit onto a floppy for the command.com route …