gerbil 216 Industrious Poster

That is a good start, Baby D. And the other log, please?
How is your computer running at the moment?

gerbil 216 Industrious Poster

So it's not password protected .. did you actually Move the My Documents folder on the old installation, or is this a copy of it you are trying to access? From a cmd window can you do a dir on that S: drive, see the files?
Can you do this to take Ownership?: Because you have XP Home, restart in Safe mode [you must in order to get the Security tab on folders to appear], log on with an account that has administrative rights. Rclick a folder on the drive, select properties, > security tab, > advanced tab, click owner, click edit, click your user name in the list [or Administrator] and check Replace owner on subcontainers and object, and Ok. Answer Yes to the question regarding replacing permissions.

Kanoisa commented: Cheers :) +3
gerbil 216 Industrious Poster

This is a standard post I use... you must be an XP Pro user; substitute S: for C:...
All you need to do as an administrator is to take control of those folders/files. If you go to C:\Documents and Settings you should still see your old profile named there. User profiles are given a unique Security Identifier. So even if on a new installation you create a user with the same name the account will not have the same SID. My Documents folder is a special Windows folder; it is related to the owner by SID. So if you can see it under C:\ you can take possession of it [if XP Pro] by using the Security tab in Properties. If XP Home just copy the contents to your own My Docs, and delete the original folder - it does not belong to any user now.

gerbil 216 Industrious Poster

It sounds like you still have malware there, Baby. AV services don't bother themselves with adware etc. But these two tools do. The first is a superb cleaning tool, the second lets us see what is running on your computer. Firstly...
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].
Then...
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then...
-in that folder start HijackThis by dclicking the .exe
-CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.

gerbil 216 Industrious Poster

Ascertain that your Cryptographic Service has started, is set to Automatic.

gerbil 216 Industrious Poster

Hi. Check that you have set correct date and time.

gerbil 216 Industrious Poster

RECYCLER is your recycle bin. Delete something.... it will pop there. Empty the bin.. it will go from RECYCLER [or one of its subfolders].
To check if a file is valid open its properties... see if it is signed.

gerbil 216 Industrious Poster

slserv.exe is for your smartlink modem? You can see that catchme.tmp is in combofix. ctfmon.exe runs because you have MS Office? The remainder are [normally] standard processes to be seen on any machine. Any chance of seeing your combofix logs?
To remove combofix, go Start, in the run box, type combofix /u and press enter.

gerbil 216 Industrious Poster

It's always a worry when your DNS server comes back with this: "fec0:0:0:ffff::
These machines are getting out of hand....
Anyway... you tried what??!! " I have tried "ping ip_address_of_the_router" "
You mean... ping 192.168.1.1 ? or whatever? I hope.
Because you have just done a reinstallation, I would go with a driver or installation problem. Reload the drivers for your ethernet adapter, if that doesn't work then just reinstall XP.

gerbil 216 Industrious Poster

In FF, you might want to check this setting: Go Tools, Options, Advanced tab. In Connection Settings click the radio button for either No Proxy or Use System Proxy, Ok, Ok. [System Proxy is alright to use because then FF will adopt the proxy settings that are in force for IE, and your IE is working...]
You say Windows firewall is Off? Turn it on if you do not have another firewall application. One thing the Windows Firewall will NOT do, and that is stop anything going out...

gerbil 216 Industrious Poster

Give me a play to keep my hand in, Member. First, to see where we stand...
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].
Then...
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then...
-in that folder start HijackThis by dclicking the .exe
-CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.

gerbil 216 Industrious Poster

Yep, not a problem, I was just interested in those extra green immovables.
Cheers.

gerbil 216 Industrious Poster

Task Manager's Performance tab. Urk. The figure at the foot of the PF Usage chart is in MB, other figures are in KB, and the conversion factor is 1024.
PF Usage is a misnomer in Task Manager : the figure at the foot of the Page File Usage graphical monitor is the Commit Charge, which is actually the sum of RAM in use + Page File in use.
Commit Charge [KB] = current total memory usage [of both RAM + PF][KB]. It is just the amount of virtual memory the OS has committed to the running programs.
Limit CC = Most of installed RAM + Page File size. Most of RAM? XP always keeps a variable amount of RAM in reserve. If you disable your page file you will see that CC Limit is less than Total Phys MEM [RAM] by about 50KB or so, the reserve. This rises rapidly as you have more processes running, probably because the OS calculates that there is a bigger chance of an emergency memory call occurring.
At bottom of TM you see that PF Usage number repeated as Commit Charge [Total]. The second figure there is Commit Charge Limit, now in MB ...[x 1024 to get KB].
"620/964". You can see that you are using a lot of your Page File. Of course, XP is not going to be using all of your RAM before it switches some allocations over to the page file. How much of your …

gerbil 216 Industrious Poster

Nice enough, SSSD. You can see straight away that you have some fragmenting of rarely modified files still. I wonder why it did not fix those...? Only a few, though.
Would have been nice to have seen the "before" SMARTplacement.

gerbil 216 Industrious Poster

Post back with pics of before and after using PerfectDisk if you will, SSSD. I'd like to see the effect, and what a couple of those green blocks actually are.

gerbil 216 Industrious Poster

The large green immovable block is your page file. Have you set it as dynamic, or fixed? If dynamic you may find other blocks being created here n there.
The white spaces everywhere are not a problem. Files that are modified often will be kept away from files that are not.
The other green blocks - I don't know how many files you have but it may be that your originally allocated Master File Table and reserve is full, and the system has assumed extra space for it.

Why not get this free trial to play with?
http://www.perfectdisk.com/products/home-perfectdisk11-home-premium/key-features
It will analyse your disk and show you what the blocks are in some detail.

gerbil 216 Industrious Poster

The more intensely you defrag a partition ie go past just removing fragments and into over-consolidating your files, the sooner your files will fragment again. Windows has spread out the files on my C: drive [only the OS in there] with lots of spaces, so it doesn't fragment them too much, I find. Every time your sys reads and writes back a file it is going to fragment if it is a part of one consolidated chunk.

gerbil 216 Industrious Poster

http://support.microsoft.com/kb/555223 - to clarify terms.
http://www.petri.co.il/pagefile_optimization.htm - how to set your Page File. Also buried in here is a cute lil tool by Bill James which monitors your page file usage, showing min and peak use during a session. You have 2GB of RAM, may I suggest you set a min size of 500MB, max of 1500MB for your Page File?

gerbil 216 Industrious Poster

Ah, so there is another difference. I really do not know how those O20 changes occurred between hijackthis versions. But anyway, your last log shows everything as fine, as it should be for SP3.
I cannot help further on the slow sys problem, except to suggest uninstalling [not just turning off] your AV and testing. Disconnect from the net while you do.

gerbil 216 Industrious Poster

Now why didn't you use that link I gave you? Your hijackthis is way out of date, and so does not show all information the newer version collects.
Anyway.... the problem lies here :
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
You have SP3. The Winlogon key for SP3 is supposed to start dimsntfy.dll [a vital part] of the logon process, and that file is missing. Your Winlogon key is also set to start WgaLogon.dll, and it should not be so [that M$ check of your genuine? software is gone from SP3].
So search for a copy of dimsntfy.dll in your sys - it should be in ServicePackFiles or SoftwareDistribution and copy it into system32.
Next you might delete that Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll registry entry by placing a checkmark against...
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll... and pressing Fix Checked.
I am sure about the first part, not so sure about the second... it won't do any harm if you leave that there. It aint in my SP3, either that registry entry OR the file, Wgalogon.dll.
Something is strange about your SP3 update....

gerbil 216 Industrious Poster

You're quite welcome, Dilwar.

gerbil 216 Industrious Poster

Ah, not services, but under the startup tab. Okay, recheck them in msconfig. Then run Hijackthis again, press Scan, and search for them under O2 and O4 and possibly O20 [they may appear multiple times]. Check them, press Fix checked.
The actual files would once have been in system32, but are now not there, hence the initial error messages you posted about.

gerbil 216 Industrious Poster

Delete services?
==Go Start, run, type services.msc -and press Enter. Maximise the window and at foot select Extended tab, scroll to the specific service, rclick it, select properties. Write down the exact Service Name. Press Stop if it is highlighted [you may have to set the service Startup Type to Disable first]. Close Services, now type this line into the run text box and press Enter:
sc delete "exact Service Name" - don't be silly now....

gerbil 216 Industrious Poster

Yes, you can delete those two entries. They are malware. I guess I did not see them in the ht log because you had them stopped.
And I modified my previous post... re Windows Desktop Search.

gerbil 216 Industrious Poster

Good-oh, dilwar. Don't worry about not finding the files, at least the starting entries are now gone.
IE... I don't set any homepage [how often do you wish to go there?]. In IE go Tools, Internet options, General, and click Use Blank.
You can uninstall Google Toolbar. Same with Vuze Remote toolbar, I imagine, although because I do not know it, there is a chance that it is a required add-on for some software you have installed.
Windows Desktop Search. You can uninstall that too... it is a file indexer. For fast searching. Whoopee.
And that is about it for speeding things up. I don't run any antispyware service.... if I ever caught anything I would run it then as a cleaner.

gerbil 216 Industrious Poster

Thanks, dilwar,
start hijackthis again, click Scan.
- place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [PersonalPC] C:\WINDOWS\DroModule.exe
O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\windupdates\windupdates.exe
O4 - HKCU\..\Run: [PersonalPC] C:\WINDOWS\DroModule.exe
O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\windupdates\windupdates.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\windupdates\windupdates.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\windupdates\windupdates.ex
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O15 - Trusted Zone: http://download.windowsupdate.com

Good. Now delete these files:
C:\WINDOWS\DroModule.exe
C:\WINDOWS\system32\windupdates\windupdates.exe
C:\APPS\IE\offline\uk.htm

and this folder:
C:\APPS\IE\offline\

Run Hijackthis again. If any of the above entries exist please post the new log.
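
The log excerpts quoted in the posts above show the same binary started from several Run keys and an O20 entry whose file is missing. The following is an added example, not part of the original posts and not HijackThis's own code: a small parser that groups such entries by the file they launch and lists the ones whose target is gone. The function names and the dictionary layout are assumptions; the sample lines are copied from the excerpts above.

```python
import re
from collections import defaultdict

# Sample input assembled from the HijackThis lines quoted in the posts above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [PersonalPC] C:\WINDOWS\DroModule.exe
O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\windupdates\windupdates.exe
O4 - HKCU\..\Run: [PersonalPC] C:\WINDOWS\DroModule.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\windupdates\windupdates.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r"^([ORFN]\d+)\s+-\s+(.*)$")
# O4 body: hive, abbreviated key path, [value name], command
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(.+?):\s+\[(.*?)\]\s+(.+)$")
# O20 body: "Winlogon Notify: <subkey> - <dll path>"
NOTIFY_RE = re.compile(r"^Winlogon Notify:\s+(\S+)\s+-\s+(.+)$")
# Suffixes HijackThis appends when the referenced file is not on disk
MISSING_MARKERS = ("(file missing)", "(no file)")


def parse_line(line):
    """Parse one log line into a dict, or return None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    missing = body.endswith(MISSING_MARKERS)
    for marker in MISSING_MARKERS:
        if body.endswith(marker):
            body = body[: -len(marker)].rstrip(" -")
    entry = {"section": section, "missing": missing,
             "key": None, "name": None, "target": body}
    run = RUN_RE.match(body) if section == "O4" else None
    notify = NOTIFY_RE.match(body) if section == "O20" else None
    if run:
        hive, subkey, name, target = run.groups()
        entry.update(key=hive + "\\..\\" + subkey, name=name, target=target)
    elif notify:
        name, target = notify.groups()
        entry.update(key="Winlogon Notify", name=name, target=target)
    return entry


def triage(log_text):
    """Return (launch_points, dangling).

    launch_points maps each launched file (lower-cased) to every registry
    location that starts it; dangling lists entries whose file is missing.
    """
    launch_points = defaultdict(list)
    dangling = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry["missing"]:
            dangling.append((entry["section"], entry["target"]))
        elif entry["key"]:
            location = f'{entry["key"]} [{entry["name"]}]'
            launch_points[entry["target"].lower()].append(location)
    return dict(launch_points), dangling


if __name__ == "__main__":
    points, dangling = triage(SAMPLE_LOG)
    for target, locations in points.items():
        print(target)
        for location in locations:
            print("   started from", location)
    for section, target in dangling:
        print("missing target:", section, target)
```

Grouping by target makes it easy to confirm that every launch point for a file has been checked before the file itself is deleted.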

gerbil 216 Industrious Poster

Hello, rohit... perhaps you could give us some sort of starting point...
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then...
-in that folder start HijackThis by dclicking the .exe
-CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.

gerbil 216 Industrious Poster

We can use this tool to identify the actual startup entries and delete them:
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then...
-in that folder start HijackThis by dclicking the .exe
-CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.

gerbil 216 Industrious Poster

Hi. You've picked up some malware, all the way from Indonesia. Try this:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].
And do try to avoid registry repair software. They only remove some...some... orphaned entries. Anything "legitimately" there, ie keys linked to malware... won't be removed! The bulk of the entries they proudly remove are those which would be cycled out over time, such as pointers to recently used files, or data placed by M$ for links that you don't have the software for and so do not use.

gerbil 216 Industrious Poster

Use this software and your XP installation cd to make a bootable flashdrive Recovery Console:
Go to this page and dl the file Mkrecovery.zip. Extract from it.
http://www.softpedia.com/get/System/System-Miscellaneous/USB-Recovery-Console.shtml

Use of mkrecovery.cmd
--------------------------------------------------
Right click over mkrecovery.cmd and click edit:

In _setting....
-change USBDRV value R: to the letter of your USB Drive.
-change XPSRC to the path of your Windows XP Setup folder. eg S:\i386
** MAKE SURE THE USB DRIVE LETTER IS CORRECT **
...else you risk erasing a drive's contents!!!!!

-Save the file, insert a blank flashdrive, and then dclick on mkrecovery.cmd.
When creation completes copy into the USB key folder $WIN_NT$.~BT the two files autochk.exe and autofmt.exe from the i386 source folder.
For some reason these two are excluded....

Done? Boot the failing sys from the USB drive [use the one-time BIOS boot menu... F2, F8, or F10..... the BIOS front page will tell you which], and then when the RC loads [it should recognise the Windows installation] run...
chkdsk /r

gerbil 216 Industrious Poster

Jemz, if you only have one OS in the boot.ini file, ie no choice, then it makes no difference at all - you could leave it at 30secs or 0 secs, but ntldr will ignore that timeout value and just proceed immediately to load the OS. A window showing the default OS will not appear.
If you have more than one OS then you leave no time to make a choice... and it is likely that the window showing the OS list would not have time to appear, anyway. I have two OSs installed, and 4secs is plenty of time to make a choice if I so wish, else after 4secs the default OS loads anyway.
Clear? :)

gerbil 216 Industrious Poster

When you get the options screen turn off the automatic restart, then capture and post the BSOD msg.

gerbil 216 Industrious Poster

Setup is weird. I somehow get the feeling [but do not exactly know] that if it discovers files, even on a formatted drive it may use them, not overwrite them. I have no idea how. Try using a disk wiper. This one is simple, use it to burn a CD-RW.
http://www.dban.org/download
This version runs from a flashdrive or floppy. http://sourceforge.net/projects/dban/files/dban/dban-1.0.7/dban-1.0.7_i386.exe/download
-just dclick that exe to install it to a floppy or flashdrive.

gerbil 216 Industrious Poster

Malware interfering with permissions on security-related processes?

gerbil 216 Industrious Poster

"Can I create a partition just for their User Account (so if they download bugs or catch something bad it won't affect me)?" No, a partition just for them won't change a thing, security-wise. But you can restrict the damage by only giving them a User account.
"will I be able to partition this late into the HDs' lifespans?" Why are you keeping the data that is on the hdds already? But yes, you can.. linux [GParted] will allow you to easily shrink a pre-existing partition as long as it has free space. Which you create by deleting rubbish.
"You can have two copies of windows on an System." That means two licenses. And a lot of bloat... two AVs [they will not greatly, mutually interfere in this case], two firewalls, ...2 of everything... a loss of precious disk space. And no extra security from a virus, as distinct from trojans, worms and other spyware...

gerbil 216 Industrious Poster

And if you navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\System how many of the 4-digit subkeys [eg 0000] have Plug and Play Software Device Enumerator as the data for DeviceDesc?
Export the System key, then delete them [both, or just one that looks wrong.. :) Mine is 0000]?
Check Device Mgr again.
Reinstall the PnP SDE with the machine.inf trick. [via Add Hardware, with Machine.Inf, swenum.sys and streamci.dll in a temp directory]

gerbil 216 Industrious Poster

Update all your drivers, now. And probably reinstall some software applications because some registry entries they used may have been altered in the Repair. And then download all the Security Updates again.
Windows Repairs suck.
Security updates.... such an annoyance if you simply use the Windows update program and then have to do a Repair. You can, of course, note the numbers of the updates, download the .exes, apply them and KEEP the original exe files in a folder. One wet day, you slipstream them with nlite.

gerbil 216 Industrious Poster

This is how you do that:
Part 1: msoe50.inf

-Open an Explorer window, search for msoe50.inf -the default location for this file is in the C:\Windows\Inf folder [show hidden files and folders].
-Right click the Msoe50.inf file, and then click Install.
-Insert your Windows XP SP2 CD-ROM when prompted and on it locate the I386 folder, click Open, and then click OK.
Outlook Express files have installed.

Part 2. wab50.inf

-search for wab50.inf -the default location for this file is in the C:\Windows\Inf folder.
-Right-click the Wab50.inf file, and then click Install.
-In the I386 folder on the CD-ROM click Open, and then click OK.
Outlook Express address book has installed.

Outlook Express is now reinstalled. Start Outlook Express to test its
functionality.

gerbil 216 Industrious Poster

Your ISP's server should have failed that domain immediately. If I try such a thing the email does not even get to the point of sending the body before an error pops and stops the transmission. OE6, too.
Your ISP perhaps is so loaded that it goes into a queue there before a domain search can be conducted.
Just guessing.

gerbil 216 Industrious Poster

halmacpi.dll is for your multiprocessor, advanced configuration power interface... so you should have Restart capability. Try updating your video drivers, then, so that option can be displayed correctly.

gerbil 216 Industrious Poster

Abu, a long shot... when Setup was running it may not have detected correctly the power management scheme of your mb. Go into system32, rclick on HAL.DLL, choose Properties > Version tab. Highlight [lclick] Internal name... what does it list for your actual hal?
Make sure that you have the correct video card/adapter drivers.

gerbil 216 Industrious Poster

Good-oh. On any hdd, there is no point monitoring pure data partitions: System Restore just does not monitor data files. SR records changes to application file types only so only set it to monitor partitions with system files and applications. On my sys I have C: as pure system/boot drive and only the XP apps that don't function well in another partition [IE, for example], and no non-sys data at all. E: is my applications drive.
I monitor only those two.
[You wouldn't wish to restore a page file drive, now would you?]
But if you don't uncheck the box relating to pure data drives SR will waste some space in them. I suppose I could add that turning off monitoring on those drives won't delete the SysVol Inf files.... to empty those useless restore points you must turn off System Restore, and then turn it on again. Toggling deletes old points.

gerbil 216 Industrious Poster

Well, check that you have allowed it for the drives [partitions] you wish it to apply to, and that you have allowed sufficient space for it [5 or 6% of disk space should suffice].
Go via CP>System>System Restore.
Windows should create automatic restore points before any software installation occurs. Provided that you meet the above criteria.
Consider also the program ERUNT. It's just a better thing.

gerbil 216 Industrious Poster

The pdf writer has the option of locking features in his file so that the receiver may not edit it easily.

gerbil 216 Industrious Poster

And, of course, there is always the FREE tool, CCleaner.
Does all that, plus more if you configure it so.

gerbil 216 Industrious Poster

Set is looking for a defined variable; "drive" is not defined in the command shell environment. You will have to create your variablename first, so at the head of your batchfile put this line:
set varname=drive
And it should then accept the set drive=x: lines.
Oh, and be careful of spaces - any after the = are part of the name.
You do realise that this will not be permanent? Your newly created variable "drive" will only exist in the current shell environment - you close it and it is gone.

gerbil 216 Industrious Poster

Just power off at the wall, ground your hands to the chassis and remove extra sticks of RAM.... and swap if it does not work. Memtest86 loaded onto a floppy will check your RAM for you [no OS required, it is bootable]. Consider also mb overheating... it may not be the cpu but the Northbridge or Southbridge which is giving trouble. On an Intel-based machine the Southbridge gets a heavy workout with all the disk activity during Setup.... if you feel comfortable doing it then release the SB heatsink, check the paste is plentiful and soft else renew it, reclip the heatsink. Course, you gotta have heatsink paste... your local tech may give you a smear.

gerbil 216 Industrious Poster

If you enter this command you will see the default time that you mention...
shutdown -i
By spaces I meant that they should be between parameters, not between parameters and the separators, so: -s -c "Uh-oh..." is how it should be.
As for the hover action, I do not know. Perhaps a hack to lessen the irritation of an unplanned shutdown? [maybe your virus that caper mentioned had a friendly side?]

gerbil 216 Industrious Poster

It would have been helpful if you had posted your actual batch file, but anyway.... beware of spaces between parameters, and between parameters and their fields. They MUST be there. Wrong format, and it just will not run.
I have the distinct feeling that the people who wrote these command structures were many, and they did not talk to each other.

gerbil 216 Industrious Poster

I deleted the software folder ages back because I don't use it [or my sys doesn't]. Tracing.. it is just what this says : http://technet.microsoft.com/en-us/library/cc957864.aspx
Mind that the key they rattle on may differ for different installations. In my Home, it is HKLM\SOFTWARE\Microsoft\Tracing\
Anyway, disable tracing by setting it to 0.
Reg cleaning... it is not worth the time taken. A typical registry occupies maybe 25 - 30 MB, you may clean out 5KB or less. And if you were to run another reg cleaner it would find different things to remove. And after you run a slew of them a quick manual check would find plenty more that you could remove safely.
Probably a better thing is to run Pagedefrag:
http://technet.microsoft.com/en-us/sysinternals/bb545046.aspx