gerbil 216 Industrious Poster
LivinNstiX commented: Very helpful person!!! ***** 5 stars +1
pulled post myself...
ah.. you can never tell... but apologies... i somehow missed the import of your antepenultimate sentence.... i can do that when i scan a post too quickly.. :(
WHOA!!! Stop using that PC!! On another Puter, download this pgm, REST2514.exe onto a floppy, install it onto the same floppy [it will fit] and then insert it into ur PC with the lost stuff and run it from the floppy [to save disk file damage it does not install - that is the beauty of it.. one of em, anyway..].
http://www.snapfiles.com/download/dlrestoration.html
..it will even find stuff u did a shift-delete on. But only if you have not overwritten it!! Just going on the web causes Xp to write tons of stuff onto a disk.
...i always keep in a folder the setup.exe files etc of any software i load... just in case. This aint a perfect world.. just ask M$.
gee, billy, u want us to guess at a lot of stuff.. did u just install xp? or some other software? or are you trying to uninstall some software and the uninstaller cannot find the install.log?
If it is the last.. [an i'm guessing here, mind... but i ask myself y would anyone want to read an install log for fun?].... then the uninstaller.exe of the pgm u r trying to remove cannot find the log of what was actually installed, and where it was put. The quick solution is to re-install the software OVER THE TOP of the original... ie put it to same folder. That will create a new install.log... which will direct the uninstaller when you run it. Come back with how you get on....
....and then there is the straightforward way. Go Start, rclick in the header or tail, click Properties >start menu > customise > advanced, and check run command.
It's actually a neat lil spot if u use the Start menu much.....
You're doing just fine... the log is clean, or will be [ there are 3 entries where problem files have been removed but the registry keys are still pointing to where they were, and you can fix them simply by opening HiJackThis again, running a System Scan only, and then putting checks against these 3 objects:-
O2 - BHO: (no name) - {656EAE42-5CD3-0BC7-A191-0125702A7875} - C:\WINDOWS\system32\hlrugwj.dll (file missing)
O2 - BHO: (no name) - {c3703265-4671-4858-92a4-cba6a7b3bb45} - C:\WINDOWS\system32\ixt0.dll (file missing)
O20 - Winlogon Notify: winjjq32 - winjjq32.dll (file missing)
... and finally Press the Fix Checked button.
A note about Symantec: open the update log [it's plain text] and see how the update service performs.... when I used them once i found that sometimes my puter could try occasionally up to 50 - 80 times per day to connect, and sometimes fail at it.. My AVG update goes thru on schedule every day.
Spybot and Adaware are good cleaners. Run them as a first step as you did here if you suspect problems in the future [but update them first.] I do not know your surfing habits but once weekly/fortnightly should suffice, daily is too much!
Oh yeah, CCleaner, if you tick just the few boxes that you want [temp files, cookies, bin etc, but not registry cleaning!] is a great little regular cleanup tool.
And SFC, or System File Checker, does just that. You run sfc.exe from the Run command entry... just go …
just for the heck of it, turn off automatic windows update via security centre in control panel. Temporarily, mind. But post again saying if it has an effect.
i'm afraid the phone is passe; future generations will have an oversized thumb for texting and no capability for speech. Meanwhile, introduce him to girls. It really works!
yep. it did its job. Run HT in normal mode and if they're still there fix these three...
O2 - BHO: (no name) - {656EAE42-5CD3-0BC7-A191-0125702A7875} - C:\WINDOWS\system32\hlrugwj.dll (file missing)
O20 - Winlogon Notify: winjjq32 - winjjq32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
-then rerun HT [in normal mode] and post the log.
I don't get viruses/trojans myself.... not had one for ages... but i promise myself that if/when i do i shall run sfc /scannow [from Start> run..] with my install CD... just to check that the cache has not been broken in to..
jeni, let's see if i can get this right...... [it'll be read by others!!] when you select safe mode n hit Enter, you will get a bar streaking across the bottom of that screen; then if it's a real cold start from a poweroff you will see a list of drivers n .dlls reel down the screen as they load, otherwise it's straight to a black screen with safe mode at all 4 corners and a one line description of your system at top. Then comes the std blue logon screen populated with Administrator, and any users with admin privileges. You log in and the black screen returns with a window about restore or safe mode, and when you click yes you get your icons.... and from there you can do what i requested above...
So please.. am i to understand that you can run normal windows mode, but not safe mode??? If you can run in normal mode at least run HT and fix those 3 things i put in post #2 above.
In Safe mode the puter loads a bare minimum of drivers and dlls so that it can function - I cannot understand how it can make it to normal but not safe mode.....
steve? BUMP!?
kiel, if u have that [any] genuine XP install CD, try running Start > Run : sfc /scannow to check your dll cache files are not corrupted. sfc.exe checks the installed files with those in the cache, and asks for the CD if it finds cache errors. That may fix your WIN32services problem.
ok, stix..... time to run the clean option with smitfraudfix.
- Disconnect from the net
- Check that a Restore point has been made.
- Now go into safe mode.
- Start Smitfraudfix as before and press 2, Enter.
===You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer Y and Enter [which will remove the desktop background and clean registry keys associated with the infection].
The tool will next check if wininet.dll is infected- if it is you will be prompted to replace the file ; type Y and press "Enter".
Reboot into normal Windows and post here the text file which will appear on your screen, along with a new HT log.
You will also have to restore your desktop background...
Sorry i was slow in replying... the weekend got in the way.
Okay, a moderate selection of things remaining and we shall now work on those. But please, once we start this, do not delete or fix anything until I or someone says so..
Time to get some free stuff....
First off I would like you to download CCleaner from http://www.ccleaner.com/ and put it in a new folder. You should aim to keep this one for general use. I set it from the install checkboxes to only open from the recycle bin. It's just a neater thing.
Get Adaware SE Personal from http://www.lavasoft.de/software/adaware/
- install it. Update it.
Finally download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.
Before the next step memorise these instructions... or copy em to notepad. Or just use Opera...
Ok, you're done with the net. Shut it down. Disconnect...
Check that a Restore point has been made [one should have just been made automatically because you just installed software...]. The path to this is via Start > all programs > accessories > system tools> system restore. The reason for doing this is that some trojans write themselves into the System Restore files, and in there they are totally safe from anything.
Now rclick your recycle bin and run CCleaner. [or go to its folder and dclick ccleaner.exe] You will lose a lot of handy stuff like histories etc... but there is a job to …
..and the sweetest of them all is.. No Sounds.
i know that even if that scheme was to work one could still just plug in IP's...
the error code scripts:-
Error Code: -5006 : 0x80070002
Error Information:
>SetupDLL\SetupDLL.cpp (1209)
PAPP:Rome - Total War - Alexander
This is an installshield error message. [installshield handles the installation of some programs, notably a lot of microsoft stuff; i think it also can incorporate an anti-theft system to prevent code hacking, or it tries to...]
0x80070002 means that the sys cannot find the specified file; what file i do not know...
I do agree with the last post...
DMR, thanks for the hosts/DNS Client enlightenment.... Now.. have i got this right..?
If i wanted to restrict IE [any browser] to only a limited few sites, could i then simply place them in hosts, flush the DNS cache and disable DNS Client Service [set it to manual, or just stop it]?
steve, is that proxy server address correct?
http://localhost:9100/proxy.pac, in this
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
It seems to point to this, but i cannot get it to work..
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
i think it may be a bad proxy from the google web accelerator, and with it not working u are not going to get on the net. If you really do not need it, try fixing both those entries after uninstalling the web accelerator.
I just read your earlier post..... so do these things before you do what i wrote in my first post.
Time to get some free stuff....
First off I would like you to download CCleaner from http://www.ccleaner.com/ and put it in a new folder. You should aim to keep this one for general use. I set it from the install checkboxes to only open from the recycle bin. It's just a neater thing.
Then download RootKitRevealer from http://www.sysinternals.com/Utilities/RootkitRevealer.html [the link is at the bottom of the page] and place in a folder next to CCleaner. **Read that webpage**.
Go here and get SpyBot S & D, http://www.safer-networking.org/en/index.html , install it, but not tea timer. Update it.
Get AVG AntiSpyware 7.5 from here: http://www.grisoft.com/doc/1
Install it.. you should intend keeping this.... open it and update it via the screen.
Get Adaware SE Personal from http://www.lavasoft.de/software/adaware/
- install it. Update it.
When it finishes updating files go get this free beta [blbeta.exe] from http://www.f-secure.com/blacklight/ and install it also.
Before the next step memorise these instructions... or copy em to notepad. Or just use Opera...
Ok, you're done with the net. Shut it down. Disconnect...
Check that a Restore point has been made [one should have just been made automatically because you just installed software...]. The path to this is via Start > all programs > accessories > system …
what is the actual problem you are experiencing, jeni?
Meanwhile, reboot and run HT in Safe Mode, check these objects for fixing, fix, then proceed to normal windows mode, rerun HT and repost the new log here.... [actually you can leave the first one, R1=... unfixed if you like the site, but you will get lots of ads].
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O21 - SSODL: Objexapi - {0371B892-E144-4AB6-B630-A240F4C83D74} - C:\WINDOWS\system32\ipvitcrt.dll
sigh.. why did i forget that one? i use it too, an recommend it in here. my brain, sometimes....
Actually if u set it up it is a marvellous and versatile little cleaner of temp files etc.... whatever you want.
do you have to disable the DNS Client Service to get xp to read the hosts file before going off to look up an IP?
k. then go dl ....umm.. registry mechanic freeware, an use it to identify those lost keys. Delete em urself. or get registry fix... u choose.
be daunted, make sure you back it up first. Cannot use the file restore pgm?
Btw, registry cleaners... you can download some which will identify the bad entries for you, but unless you register/pay will not delete them. But you have the list right there, don't you? .. an regedit is just waiting....
k, it's gone 1am which is waaay past my bedtime. i gotta stop working this site or i'll do my head in. but i find it a great way to learn.
delete his game, password him into a limited user account; with no administration rights he'd not be able to install most games.
There is no way you can give him access to hotmail and not a browser, cos the browser is needed for that. To restrict to only certain websites.. well ud have to buy software and it would drive you nuts. Sometimes you must trust them. Course, the best/easiest way is to put the puter in a public place where others stroll by all the time. No way will he then have interestin pics up for his ma or da to glimpse!
heh! defrag'd be just so hot for sorting things like that! a one way ticket like no other.
drivers are held in some special regard by windows. don't delete, instead upgrade em or change em, that way a record is made of the old driver [it is kept] and you can back it up if needs be by the magic driver restore function Rollback driver. Actually you can do a lot with your drivers via computer management > device manager.
you walk with angels. when u delete you get a coded file entry in recyclers, as you know, and the file remains where it was... with shift delete that entry doesn't get made... i guess the sys was hanging on to some other path record somewhere.
i don't ever want to know all there is to know about this windows thing we all use n love.
remove via control panel uses the program's own uninstaller .exe, but you removed that when you did your deletion thing. Check first that the uninstall exe aint in the recycle bin... if so then restore it and let it do its stuff - you can dclick it in its old folder instead of going via CP. Not in the bin? If u deleted recently try using Restoration 2.5.14 from here:-
http://www.snapfiles.com/download/dlrestoration.html
You can save it to and install [extract] it to and run it from a floppy to reduce HD writes.
Anyway. Your problem stems from registry entries which of course remain after your deletion exercise... which is why that method aint great. To fix this you can try an exhaustive search in the registry for keys with names related to your game.. an be careful with it.. do a registry backup first... or you can run a registry cleaner which will [should] find all those orphaned entries pointing nowhere n suggest that you delete them.
And then your gold ed should go in. Next time you want to remove a pgm....
...an then we never heard from kiel again....
one thing that i should have mentioned, ally, is that because IE is so much a part of windows XP, i am sure that if u opened one of your staff's user desktop and checked the program files listing via Start button you would see IE listed there, in which case you merely have to either:-
... rclick the IE name and drag an icon onto the desktop, or
... rclick the desktop, go properties > desktop > customise > check the show IE icon box, or
... go Start, rclick in the blue header or tail, properties > start menu > customise > select show IE in start menu.
I hope this helps...
sure, Ally, for a start i will assume that the user administrator account is named Ally, and that the Internet Explorer icon is on your desktop. Open an explorer window [dclick my Computer icon on your desktop..], click folders tab to get folder tree in lhside of window - now expand Local Disk C:, expand Docs and Settings, expand Ally, expand Start Menu. Open Programs. In the list on rhside you should see IE listing and/or its icon..[depending on view mode u have set]..
Now go back up the tree a bit to All Users and expand it, expand Start Menu. Back to that IE icon/listing on rhside, rclick and drag it to All Users/Start Menu/Programs on lhside in the tree. Drop it and select Copy Here.
Alternatively, you can restrict the use of IE by only dropping it into the corresponding folder of selected user accounts.
This method works with other programs also that you wish to share between users.... [some programs when u install them only open in the administrator's desktop thru deficient setup.exe choices..]
Tell me how you get on... actually i am a bit surprised that IE was not already in all the users accounts by default... so if it is actually your firewall that has closed it to them then i do not know what steps to take.
ally, go to safe mode. Open the Administrator account and set a password for it in exactly the same way as you would for any user via control panel. This account is the default or local administrator account that XP sets up during installation; if you set up a new user account and give it administrator privileges..ie set it as that type, then it has all the control [full] that the local administrator account has. The only difference is that access to the local admin account is somewhat restricted - it is a bit hidden.
As for restricting web access to only one site.. I have no idea about how to do that. Via the IE tools tab > internet options you can easily place restrictions on the content they can view; apart from that there may be software that can help you. Sorry.
The product key is not coded into the XP CD, but is a unique code and when used with M$ activation creates a code specific to the major hardware models and serial numbers in your pc. So any genuine Microsoft CD will do, just make sure to use your product code.
Do you still have cmdservices? Spybot should detect it and disclose its keys. If so, get delcmdservice from here:-
http://users.telenet.be/marcvn/tools/delcmdservice.zip
Unzip it, onto your desktop will do nicely, and dclick on the delcmdservice folder, dclick on delreg.bat to start it. When the tool finishes reboot your computer
The Driver irql not less than or equal error implies that a driver with a high irql was unable to over-ride a driver operation with a lower irql => conflict. This can come from a RAM error [swap sticks to check it, or run a memtest] or other hardware problems such as overheating on a graphics card..... or driver conflicts. The code STOP 0x000000D1 (0x00000000, 0x00000002, 0x00000000, 0x00000000) does not help me much more than that...
You can check your drivers at the windows update catalog :-
http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
...and of course at your manufacturer's sites.
Btw, your log is clean.. if u suspect something lingering go to f-secure at http://www.f-secure.com/blacklight/ and download their trial blacklight tool, or to www.sysinternals.com and run RKR [follow their instructions to a T!!], or do the pandaonlinescan from here:-
http://www.pandasoftware.com/products/activescan?
…
Kiel, i am prompted by the history of the affair, your subsequent fault and actions, plus the appearance of the F2 key about userinit.exe in the log to suggest this: As explained in the M$ article [http://support.microsoft.com/kb/892893] the trojan could have inserted a .exe and changed this key's data to point to it....
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
name:- Userinit
data:- C:\WINDOWS\system32\userinit.exe,
::: this is what the data should be, if there is a different .exe there then while in Safe Mode regedit it to userinit.exe, [and you must include that comma!]
Reboot.
Adaware or one of your other scans may have deleted the actual dud .exe, and so this key points to nothing. I doubt if userinit.exe is bad or corrupt, so just change the key data.
But you got into safe mode via the login screen already...!! so I may be contradicting my own thinking.......wondering...you have not passworded the default computer Administration account, have you? I'm not suggesting that you do...
Anyway, just search for userinit.exe in the registry, or that key, and report what you find. I could be way wrong....cos without that file running you should not be able to get in.... but you will not hurt anything by looking.
NOTE. Do NOT fix that F2 entry in the HT log.... u have to have it.
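An added example, not part of the original posts: a read-only triage of HijackThis log text that lists the orphaned entries (the `(file missing)` / `(no file)` lines quoted in the posts above) and compares the Userinit data with the value given in this post. The `F2 - REG:system.ini: UserInit=` line format and the second program in the sample F2 line are assumptions constructed for illustration.

```python
import re

# Userinit data as given in the post above, trailing comma included.
EXPECTED_USERINIT = r"C:\WINDOWS\system32\userinit.exe,"
# Suffixes HijackThis appends to entries whose target file is gone.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Assumed HijackThis line format for the Userinit value (not shown on the page).
F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)
O_ENTRY = re.compile(r"^O\d+ - ")

# The O-lines are quoted from the posts; the F2 line is constructed.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\example-dropper.exe,
O2 - BHO: (no name) - {656EAE42-5CD3-0BC7-A191-0125702A7875} - C:\WINDOWS\system32\hlrugwj.dll (file missing)
O2 - BHO: (no name) - {c3703265-4671-4858-92a4-cba6a7b3bb45} - C:\WINDOWS\system32\ixt0.dll (file missing)
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O20 - Winlogon Notify: winjjq32 - winjjq32.dll (file missing)
"""


def check_userinit(data):
    """Return a list of problems found in the Userinit value's data."""
    problems = []
    # The post stresses that the trailing comma must be present.
    if not data.endswith(","):
        problems.append("missing trailing comma")
    expected = EXPECTED_USERINIT.rstrip(",").lower()
    entries = [e.strip() for e in data.split(",") if e.strip()]
    # Windows paths are case-insensitive, so compare in lower case.
    if expected not in [e.lower() for e in entries]:
        problems.append("userinit.exe absent")
    # Anything listed besides userinit.exe also runs at logon.
    for entry in entries:
        if entry.lower() != expected:
            problems.append("unexpected program: " + entry)
    return problems


def triage(log_text):
    """Collect orphaned O-entries and Userinit problems; changes nothing."""
    orphans, userinit_problems = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = F2_USERINIT.match(line)
        if match:
            userinit_problems.extend(check_userinit(match.group(1)))
        elif O_ENTRY.match(line) and line.endswith(ORPHAN_MARKERS):
            orphans.append(line)
    return {"orphans": orphans, "userinit": userinit_problems}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for line in report["orphans"]:
        print("orphaned entry:", line)
    for problem in report["userinit"]:
        print("Userinit:", problem)
```
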
birdie, my brain just burst. please turn off wordwrap in notebook and repost that lot? You might also give HT a folder to itself in or beside "program files", and run it in safe mode for a first pass. thank you.
drsmartload is a spyware and ad delivery trojan, and naturally that one does not aim to give you a BSOD. Cmdservices is a pest. You may have a virus which is designed to do that, or it is unintentional from a bad bit of hacker code. Anyway run HT in safe mode from its own folder with nothing else running [apps or windows], and send the log....
IDE. Okay. Firstly, although you did not say, I will assume that your friend has IDE connections to his boot hard drive also. He will have it hooked to the master position [end] of the Primary IDE connector ribbon [if 80 wire] - if there is a spare connector on that ribbon [in the centre] simply set the jumper on the back of your drive to slave and plug into that connector. If there is no spare connector on that cable [either cos there isn't a second connector, or your friend has 2 drives on it], you can swap out the IDE ribbon for one with two connectors, or plug into the Secondary IDE channel. Now most likely there is an optical drive on that connector as master; it makes no real difference whether you make your drive slave and leave the optical drive as master, or swap them around making yours master and the DVD drive [or whatever] a slave. But set the jumpers of all accordingly. If his sys uses cable select, then use that setting for the jumper.
Secondly, if your friend's puter HD is SATA, his optical drive may be on the primary IDE port as a master; plug your drive in as slave on the Primary connector or as master on the secondary connector. Watch the jumper settings. Got it?
Do plug in a power connector - things just go better that way.
Right. Boot... during boot hit the pause key during …
If your friend is willing you can use his puter to test your HD. Connect yours as an IDE slave in his pc [in BIOS set Primary IDE Detect to AUTO], or just plug it in if both are sata, and check your data is ok. If you tell me what type of drive yours is, and your friend's [ide or sata] i could advise on connecting it, but it's all on the web. google it. If your data is ok then try disconnecting your friend's HD, connecting yours as master, and booting from it. Remember to change the jumpers if IDE.
just as a test, would you disable microsoft's windows auto update via control panel for a moment to see if it has any effect? And let me know? thanks... [re-enable auto update afterwards..!]
you need to log on with an administrator account to get access to msconfig. Limited user accounts cannot get it started. So via control panel > user accounts set those wasters to just limited accounts... lock them out of the administrator account but leave yourself as an administrator with a password. that should do the trick. Anyway, if you're on the net, u really should be on a limited account....so if you get a virus its access to many parts of the puter is limited.
one thing, if you have XP you are very likely using NTFS on your HD. For your emergency opsys you could therefore use NT or 2000, cos they are both NTFS compatible... and you just might have those old install discs somewhere, or know someone who...
..or you can make a rclick context menu entry for a w explorer folder.... saves going to the desktop. And, neatly enough, that folder is your active directory! Click-clack.
You must be keen - these 3 are embedded in shell32.dll. But there are ways... you can make a new folder somewhere outside My Docs, give it the icon you wish, change its type, drop your [music] into it, name it My [Music], rdrag [move] it to My Docs and overwrite. Whether it has the same properties and functions as the original folder.. I dunno about that.
Or you could get Iconpackager. Or Icontweaker.
Or you can unhide protected operating system files via folder options; open My[Music], open desktop.ini- the last 2 lines in there are the path to the icon list and the icon number, so you can set iconindex to zero and put any path you like in iconfile.
Umm, make a sys restore point first....
um.. a bit of file truncation happening there.... i really need the full log!
if by trip you just mean switch the DC on/off, then grounding the green enable wire to black will turn it ON. This is for ATX supplies.
Aaarrgh!! You're so right! I just tested it....and so it is... media player stops the SS showing. Tricky things, puters. I don't actually bother with a SS - if i'm not looking at the screen, it's wasting its time [and life] putting on fancy moving images - so my SS is set to none, and power off after 5mins. But that doesn't really help you. Maybe just choose a nice media player graphic instead? I bet it is like that so that those visualisations keep going, say while you play an album- the mood would be so upset if your visualisation got cut by a bouncing ball. Try it then with no visualisation set....