Jump to content
Compatible Support Forums

overworked

Members
  • Content count

    26
  • Joined

  • Last visited

    Never

Community Reputation

0 Neutral

About overworked

  • Rank
    newbie
  1. Well folks, there's another nasty BHO out there that's a pain to get rid of....this one is Elite Toolbar. I've tried the usual suite of Ad Aware and BHO Cop to remove the little #$@%^%$ but it restores itself and registry setting upon every reboot. It populates the HKCU/Software/Microsoft/IE/Main/search key with it's URL and all that stuff. I've tried to set the file permissions on it's favorite directory so that it can't write there. I'll let you know how the battle progresses when I get back to it tomorrow.... -Overworked-
  2. Maybe the Evil Empire isn't so evil after all.... This morning I started a support case with them. They were kind enough to pick-up the tab on this support issue. I'll let you know how we end up resolving this issue. Stay tuned....more to come ;-) -overworked-
  3. Well, here we go again.... I tried deploying W2K SP4 as a slipstreamed deployment (this has worked fine before) and patching the OS using the MS Qchain utility. The results are the same as if I had slipstreamed all the hotfixes in the initial deployment.... **************************************************************** Event Type: Error Event Source: Ftdisk Event Category: None Event ID: 49 Date: 9/9/2004 Time: 1:47:44 PM User: N/A Computer: COMPUTER Description: Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Data: 0000: 00 00 00 00 01 00 56 00 ......V. 0008: 00 00 00 00 31 00 04 c0 ....1..À 0010: 03 00 00 00 00 00 00 00 ........ 0018: 00 00 00 00 00 00 00 00 ........ 0020: 00 00 00 00 00 00 00 00 ........ ************************************************************* I have searched your online documentation. The page file is of sufficient size for the physical memory in the computer. KB319931 indicates this error was fixed in SP4 with the following files: 01-Apr-2002 16:07 5.0.2195.5505 1,687,296 Ntkrnlmp.exe 01-Apr-2002 16:08 5.0.2195.5505 1,686,912 Ntkrnlpa.exe 01-Apr-2002 16:08 5.0.2195.5505 1,707,584 Ntkrpamp.exe 01-Apr-2002 16:07 5.0.2195.5505 1,665,024 Ntoskrnl.exe These files were replaced with a more recent version by hotfix KB835732. This is the log of the hotfix installation: *************************************************************** [KB835732.log] *** 2004/9/9 13:49:23.927 *** Exe = UPDATE.EXE, Version = 5.4.1.0 *** ================== Update.exe started at 9/ 9/2004 at 13:49:23 ================== *** Service Pack started with following command line: /passive /norestart /n *** ---- Old Information In The Registry ------ *** Source:c:\973ee628f2a8b52ee64f511636837ff2 Version: *** Destination: Version: *** Source:c:\6d3a162f9b5a04bb99f97b5f4ffd Version: *** Destination: Version: *** Source:c:\3928fe31ffe634249bea Version: *** Destination: Version: *** Source:c:\ac4165566af797da3366d09025 Version: *** Destination: Version: *** Source:c:\1a635ad07e9efaa80f119c Version: *** Destination: Version: *** Source:C:\WINNT\system32\_000002_.tmp Version: 5.0.2195.6656 *** Destination: Version: *** Source:C:\WINNT\system32\_000003_.tmp Version: 5.0.2195.6692 *** Destination: Version: *** Source:c:\bebde20982628e4db4c5e4eb290b6b Version: *** Destination: Version: *** Source:c:\b04ac7d7846fea53a9 Version: *** Destination: Version: *** Source:c:\94ee866ab40915189e08c2c4a5 Version: *** Destination: Version: *** Source:c:\186a5f5ec8762f89ee Version: *** Destination: Version: *** ---- New Information In The Registry ------ *** Source:c:\973ee628f2a8b52ee64f511636837ff2 Version: *** Destination: Version: *** Source:c:\6d3a162f9b5a04bb99f97b5f4ffd Version: *** Destination: Version: *** Source:c:\3928fe31ffe634249bea Version: *** Destination: Version: *** Source:c:\ac4165566af797da3366d09025 Version: *** Destination: Version: *** Source:c:\1a635ad07e9efaa80f119c Version: *** Destination: Version: *** Source:C:\WINNT\system32\_000002_.tmp Version: 5.0.2195.6656 *** Destination: Version: *** Source:C:\WINNT\system32\_000003_.tmp Version: 5.0.2195.6692 *** Destination: Version: *** Source:c:\bebde20982628e4db4c5e4eb290b6b Version: *** Destination: Version: *** Source:c:\b04ac7d7846fea53a9 Version: *** Destination: Version: *** Source:c:\94ee866ab40915189e08c2c4a5 Version: *** Destination: Version: *** Source:c:\186a5f5ec8762f89ee Version: *** Destination: Version: *** SetAltOsLoaderPath: No section uses DirId 65701; done. *** IncludeDirectoryIdFromInfSection: No DirId found for: DontRemoveOnUninst.DirId *** FetchSourceURL: SetupOpenInfFile Failed to open file: c:\a65364d63c17a6149a16eea49204ef\update\update.url *** DoInstallation: FetchSourceURL for c:\a65364d63c17a6149a16eea49204ef\update\update.inf Failed *** CreateUninstall = 0,Directory = C:\WINNT\$NtUninstallKB835732$ *** LoadFileQueues: SetupGetSourceFileLocation for halacpi.dll failed: 0xe0000102 *** BuildCabinetManifest:SetupOpenInfFile failed with error INVALID_HANDLE_VALUE *** AnalyzePhaseZero used 0 ticks *** AnalyzePhaseOne: used 10775 ticks *** AnalyzeComponents: Hotpatch analysis disabled; skipping. *** AnalyzeComponents: Hotpatching is disabled. *** AnalyzePhaseTwo used 10 ticks *** AnalyzePhaseThree used 0 ticks *** AnalyzePhaseFive used 0 ticks *** AnalyzePhaseSix used 0 ticks *** AnalyzeComponents used 10785 ticks *** Downloading 0 files *** bPatchMode = FALSE *** Inventory complete: ReturnStatus=0, 10855 ticks *** Num Ticks for invent : 10865 *** Allocation size of drive C: is 4096 bytes, free space = 12403466240 bytes *** Drive C: free 11828MB req: 57MB w/uninstall 0MB *** Num Ticks for download : 0 *** CabinetBuild complete *** Num Ticks for Cabinet build : 0 *** Starting process: C:\WINNT\system32\secedit.exe /configure /cfg C:\WINNT\inf\hfsecper.inf /db C:\WINNT\security\templates\hfsecper.sdb /log C:\WINNT\security\logs\hfsecper.log *** Return Code = 1 *** Registering Uninstall Program for -> KB835732, KB835732 , 0x0 *** LoadFileQueues: SetupGetSourceFileLocation for halacpi.dll failed: 0xe0000102 *** Copied file: C:\WINNT\system32\spmsg.dll *** SfcTurnOff: System is not Win2k < SP2; Not turning off SFC. *** SfcTurnOff: SFC was not turned off; using MakeSfcFileException. *** AtomicReplaceFile: Calling HpReplaceSystemModule( C:\WINNT\system32\ADVAPI32.DLL, HFXC6.tmp, _1762269569_.tmp, FALSE ). *** AtomicReplaceFile: HpReplaceSystemModule failed; status=0xc0000003, location=684. *** DoNoDelayReplace: Atomic replace support not implemented; disabling. *** Copied file: C:\WINNT\system32\ADVAPI32.DLL *** Copied file: C:\WINNT\system32\LSASS.EXE *** Copied file: C:\WINNT\system32\msasn1.dll *** Copied file: C:\WINNT\system32\MSV1_0.DLL *** Copied file: C:\WINNT\system32\samlib.dll *** Copied file: C:\WINNT\system32\SAMSRV.DLL *** Copied file: C:\WINNT\system32\DRIVERS\ksecdd.sys *** Copied file: C:\WINNT\system32\DRIVERS\mountmgr.sys *** Copied file: C:\WINNT\system32\KERNEL32.DLL *** Copied file: C:\WINNT\system32\NTDLL.DLL *** Copied file: C:\WINNT\system32\NTKRNLPA.EXE *** Copied file: C:\WINNT\system32\NTOSKRNL.EXE *** Copied file: C:\WINNT\system32\WIN32K.SYS *** Copied file: C:\WINNT\system32\WINSRV.DLL *** Copied file: C:\WINNT\system32\LSASRV.DLL *** Copied file (delayed): C:\WINNT\system32\SETD4.tmp *** Copied file: C:\WINNT\system32\SCHANNEL.DLL *** Copied file (delayed): C:\WINNT\system32\SETD5.tmp *** Copied file: C:\WINNT\system32\DllCache\LSASRV.DLL *** Copied file: C:\WINNT\system32\DllCache\SCHANNEL.DLL *** Copied file: C:\WINNT\system32\BASESRV.DLL *** Copied file (delayed): C:\WINNT\system32\SETD8.tmp *** Copied file: C:\WINNT\system32\browser.dll *** Copied file (delayed): C:\WINNT\system32\SETD9.tmp *** Copied file: C:\WINNT\system32\CMD.EXE *** Copied file (delayed): C:\WINNT\system32\SETDA.tmp *** Copied file: C:\WINNT\system32\CRYPT32.DLL *** Copied file (delayed): C:\WINNT\system32\SETDB.tmp *** Copied file: C:\WINNT\system32\CRYPTNET.DLL *** Copied file: C:\WINNT\system32\cryptsvc.dll *** Copied file (delayed): C:\WINNT\system32\SETDD.tmp *** Copied file: C:\WINNT\system32\dnsapi.dll *** Copied file (delayed): C:\WINNT\system32\SETDE.tmp *** Copied file: C:\WINNT\system32\dnsrslvr.dll *** Copied file (delayed): C:\WINNT\system32\SETDF.tmp *** Copied file: C:\WINNT\system32\EVENTLOG.DLL *** Copied file (delayed): C:\WINNT\system32\SETE0.tmp *** Copied file: C:\WINNT\system32\GDI32.DLL *** Copied file (delayed): C:\WINNT\system32\SETE1.tmp *** Copied file: C:\WINNT\system32\h323.tsp *** Copied file: C:\WINNT\system32\ipnathlp.dll *** Copied file: C:\WINNT\system32\kerberos.dll *** Copied file (delayed): C:\WINNT\system32\SETE4.tmp *** Copied file: C:\WINNT\system32\mf3216.dll *** Copied file: C:\WINNT\system32\mpr.dll *** Copied file (delayed): C:\WINNT\system32\SETE6.tmp *** Copied file: C:\WINNT\system32\MSGINA.DLL *** Copied file (delayed): C:\WINNT\system32\SETE7.tmp *** Copied file: C:\WINNT\system32\NETAPI32.DLL *** Copied file (delayed): C:\WINNT\system32\SETE8.tmp *** Copied file: C:\WINNT\system32\NETLOGON.DLL *** Copied file (delayed): C:\WINNT\system32\SETE9.tmp *** Copied file: C:\WINNT\system32\ntdsa.dll *** Copied file (delayed): C:\WINNT\system32\SETEA.tmp *** Copied file: C:\WINNT\system32\PSBASE.DLL *** Copied file (delayed): C:\WINNT\system32\SETEB.tmp *** Copied file: C:\WINNT\system32\scecli.dll *** Copied file (delayed): C:\WINNT\system32\SETEC.tmp *** Copied file: C:\WINNT\system32\scesrv.dll *** Copied file (delayed): C:\WINNT\system32\SETED.tmp *** Copied file: C:\WINNT\system32\sfcfiles.dll *** Copied file (delayed): C:\WINNT\system32\SETEE.tmp *** Copied file: C:\WINNT\system32\umandlg.dll *** Copied file: C:\WINNT\system32\USER32.DLL *** Copied file (delayed): C:\WINNT\system32\SETF0.tmp *** Copied file: C:\WINNT\system32\USERENV.DLL *** Copied file (delayed): C:\WINNT\system32\SETF1.tmp *** Copied file: C:\WINNT\system32\w32time.dll *** Copied file (delayed): C:\WINNT\system32\SETF2.tmp *** Copied file: C:\WINNT\system32\w32tm.exe *** Copied file (delayed): C:\WINNT\system32\SETF3.tmp *** Copied file: C:\WINNT\system32\WINLOGON.EXE *** Copied file (delayed): C:\WINNT\system32\SETF4.tmp *** Copied file: C:\WINNT\system32\WINTRUST.DLL *** Copied file (delayed): C:\WINNT\system32\SETF5.tmp *** Copied file: C:\Program Files\NetMeeting\callcont.dll *** Copied file: C:\Program Files\NetMeeting\mst120.dll *** Copied file: C:\Program Files\NetMeeting\nmcom.dll *** Copied file: C:\WINNT\system32\sp3res.dll *** Copied file: C:\WINNT\system32\winhttp.dll *** Copied file (delayed): C:\WINNT\system32\SETFA.tmp *** Copied file: C:\WINNT\INF\hfsecper.inf *** Copied file: C:\WINNT\INF\hfsecupd.inf *** Copied file: C:\WINNT\Driver Cache\i386\kernel32.dll *** Copied file: C:\WINNT\Driver Cache\i386\ntdll.dll *** Copied file: C:\WINNT\Driver Cache\i386\ntkrnlmp.exe *** Copied file: C:\WINNT\Driver Cache\i386\ntkrnlpa.exe *** Copied file: C:\WINNT\Driver Cache\i386\ntkrpamp.exe *** Copied file: C:\WINNT\Driver Cache\i386\ntoskrnl.exe *** Copied file: C:\WINNT\Driver Cache\i386\win32k.sys *** Copied file: C:\WINNT\Driver Cache\i386\winsrv.dll *** Copied file: C:\WINNT\system32\DllCache\sp3res.dll *** Copied file: C:\WINNT\system32\DllCache\winhttp.dll *** Copied file: C:\WINNT\system32\DllCache\advapi32.dll *** Copied file: C:\WINNT\system32\DllCache\BASESRV.DLL *** Copied file: C:\WINNT\system32\DllCache\browser.dll *** Copied file: C:\WINNT\system32\DllCache\callcont.dll *** Copied file: C:\WINNT\system32\DllCache\CMD.EXE *** Copied file: C:\WINNT\system32\DllCache\CRYPT32.DLL *** Copied file: C:\WINNT\system32\DllCache\cryptnet.dll *** Copied file: C:\WINNT\system32\DllCache\cryptsvc.dll *** Copied file: C:\WINNT\system32\DllCache\dnsapi.dll *** Copied file: C:\WINNT\system32\DllCache\dnsrslvr.dll *** Copied file: C:\WINNT\system32\DllCache\EVENTLOG.DLL *** Copied file: C:\WINNT\system32\DllCache\GDI32.DLL *** Copied file: C:\WINNT\system32\DllCache\h323.tsp *** Copied file: C:\WINNT\system32\DllCache\ipnathlp.dll *** Copied file: C:\WINNT\system32\DllCache\kdcsvc.dll *** Copied file: C:\WINNT\system32\DllCache\kerberos.dll *** Copied file: C:\WINNT\system32\DllCache\kernel32.dll *** Copied file: C:\WINNT\system32\DllCache\ksecdd.sys *** Copied file: C:\WINNT\system32\DllCache\lsass.exe *** Copied file: C:\WINNT\system32\DllCache\mf3216.dll *** Copied file: C:\WINNT\system32\DllCache\mountmgr.sys *** Copied file: C:\WINNT\system32\DllCache\mpr.dll *** Copied file: C:\WINNT\system32\DllCache\msasn1.dll *** Copied file: C:\WINNT\system32\DllCache\MSGINA.DLL *** Copied file: C:\WINNT\system32\DllCache\mst120.dll *** Copied file: C:\WINNT\system32\DllCache\msv1_0.dll *** Copied file: C:\WINNT\system32\DllCache\NETAPI32.DLL *** Copied file: C:\WINNT\system32\DllCache\NETLOGON.DLL *** Copied file: C:\WINNT\system32\DllCache\nmcom.dll *** Copied file: C:\WINNT\system32\DllCache\ntdll.dll *** Copied file: C:\WINNT\system32\DllCache\ntdsa.dll *** Copied file: C:\WINNT\system32\DllCache\NTKRNLMP.EXE *** Copied file: C:\WINNT\system32\DllCache\ntkrnlmp.exe *** Copied file: C:\WINNT\system32\DllCache\ntkrnlpa.exe *** Copied file: C:\WINNT\system32\DllCache\NTKRPAMP.EXE *** Copied file: C:\WINNT\system32\DllCache\ntkrpamp.exe *** Copied file: C:\WINNT\system32\DllCache\ntoskrnl.exe *** Copied file: C:\WINNT\system32\DllCache\PSBASE.DLL *** Copied file: C:\WINNT\system32\DllCache\samlib.dll *** Copied file: C:\WINNT\system32\DllCache\samsrv.dll *** Copied file: C:\WINNT\system32\DllCache\scecli.dll *** Copied file: C:\WINNT\system32\DllCache\scesrv.dll *** Copied file: C:\WINNT\system32\DllCache\sfcfiles.dll *** Copied file: C:\WINNT\system32\DllCache\umandlg.dll *** Copied file: C:\WINNT\system32\DllCache\USER32.DLL *** Copied file: C:\WINNT\system32\DllCache\USERENV.DLL *** Copied file: C:\WINNT\system32\DllCache\w32time.dll *** Copied file: C:\WINNT\system32\DllCache\w32tm.exe *** Copied file: C:\WINNT\system32\DllCache\win32k.sys *** Copied file: C:\WINNT\system32\DllCache\WINLOGON.EXE *** Copied file: C:\WINNT\system32\DllCache\winsrv.dll *** Copied file: C:\WINNT\system32\DllCache\wintrust.dll *** Num Ticks for Copying files : 39537 *** Num Ticks for Reg update and deleting 0 size files : 20 *** Starting process: C:\WINNT\system32\secedit.exe /configure /cfg C:\WINNT\inf\hfsecupd.inf /db C:\WINNT\security\templates\hfsecupd.sdb /log C:\WINNT\security\logs\hfsecupd.log *** Return Code = 0 *** UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do. *** ---- Old Information In The Registry ------ *** Source:c:\973ee628f2a8b52ee64f511636837ff2 Version: *** Destination: Version: *** Source:c:\6d3a162f9b5a04bb99f97b5f4ffd Version: *** Destination: Version: *** Source:c:\3928fe31ffe634249bea Version: *** Destination: Version: *** Source:c:\ac4165566af797da3366d09025 Version: *** Destination: Version: *** Source:c:\1a635ad07e9efaa80f119c Version: *** Destination: Version: *** Source:C:\WINNT\system32\_000002_.tmp Version: 5.0.2195.6656 *** Destination: Version: *** Source:C:\WINNT\system32\_000003_.tmp Version: 5.0.2195.6692 *** Destination: Version: *** Source:c:\bebde20982628e4db4c5e4eb290b6b Version: *** Destination: Version: *** Source:c:\b04ac7d7846fea53a9 Version: *** Destination: Version: *** Source:c:\94ee866ab40915189e08c2c4a5 Version: *** Destination: Version: *** Source:c:\186a5f5ec8762f89ee Version: *** Destination: Version: *** Source:C:\WINNT\system32\_000004_.tmp Version: 5.0.2195.6710 *** Destination: Version: *** Source:C:\WINNT\system32\_000005_.tmp Version: 5.0.2195.6695 *** Destination: Version: *** Source:C:\WINNT\system32\_000006_.tmp Version: 5.0.2195.6666 *** Destination: Version: *** Source:C:\WINNT\system32\_000007_.tmp Version: 5.0.2195.6680 *** Destination: Version: *** Source:C:\WINNT\system32\_000008_.tmp Version: 5.0.2195.6666 *** Destination: Version: *** Source:C:\WINNT\system32\_000009_.tmp Version: 5.0.2195.6697 *** Destination: Version: *** Source:C:\WINNT\system32\_000012_.tmp Version: 5.0.2195.6688 *** Destination: Version: *** Source:C:\WINNT\system32\_000013_.tmp Version: 5.0.2195.6685 *** Destination: Version: *** Source:C:\WINNT\system32\_000016_.tmp Version: 5.0.2195.6708 *** Destination: Version: *** Source:C:\WINNT\system32\_000017_.tmp Version: 5.0.2195.6699 *** Destination: Version: *** Source:C:\WINNT\system32\SETD4.tmp Version: 5.0.2195.6902 *** Destination:C:\WINNT\system32\LSASRV.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETD5.tmp Version: 5.1.2195.6899 *** Destination:C:\WINNT\system32\SCHANNEL.DLL Version: 5.0.1.0 *** Source:C:\WINNT\system32\SETD8.tmp Version: 5.0.2195.6824 *** Destination:C:\WINNT\system32\BASESRV.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETD9.tmp Version: 5.0.2195.6866 *** Destination:C:\WINNT\system32\browser.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETDA.tmp Version: 5.0.2195.6824 *** Destination:C:\WINNT\system32\CMD.EXE Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETDB.tmp Version: 5.131.2195.6824 *** Destination:C:\WINNT\system32\CRYPT32.DLL Version: 5.0.131.0 *** Source:C:\WINNT\system32\SETDD.tmp Version: 5.0.2195.6868 *** Destination:C:\WINNT\system32\cryptsvc.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETDE.tmp Version: 5.0.2195.6824 *** Destination:C:\WINNT\system32\dnsapi.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETDF.tmp Version: 5.0.2195.6876 *** Destination:C:\WINNT\system32\dnsrslvr.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETE0.tmp Version: 5.0.2195.6883 *** Destination:C:\WINNT\system32\EVENTLOG.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETE1.tmp Version: 5.0.2195.6898 *** Destination:C:\WINNT\system32\GDI32.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETE4.tmp Version: 5.0.2195.6903 *** Destination:C:\WINNT\system32\kerberos.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETE6.tmp Version: 5.0.2195.6824 *** Destination:C:\WINNT\system32\mpr.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETE7.tmp Version: 5.0.2195.6895 *** Destination:C:\WINNT\system32\MSGINA.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETE8.tmp Version: 5.0.2195.6897 *** Destination:C:\WINNT\system32\NETAPI32.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETE9.tmp Version: 5.0.2195.6891 *** Destination:C:\WINNT\system32\NETLOGON.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETEA.tmp Version: 5.0.2195.6896 *** Destination:C:\WINNT\system32\ntdsa.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETEB.tmp Version: 5.0.2195.6824 *** Destination:C:\WINNT\system32\PSBASE.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETEC.tmp Version: 5.0.2195.6893 *** Destination:C:\WINNT\system32\scecli.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETED.tmp Version: 5.0.2195.6903 *** Destination:C:\WINNT\system32\scesrv.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETEE.tmp Version: 5.0.2195.6894 *** Destination:C:\WINNT\system32\sfcfiles.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETF0.tmp Version: 5.0.2195.6897 *** Destination:C:\WINNT\system32\USER32.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETF1.tmp Version: 5.0.2195.6794 *** Destination:C:\WINNT\system32\USERENV.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETF2.tmp Version: 5.0.2195.6824 *** Destination:C:\WINNT\system32\w32time.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETF3.tmp Version: 5.0.2195.6824 *** Destination:C:\WINNT\system32\w32tm.exe Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETF4.tmp Version: 5.0.2195.6898 *** Destination:C:\WINNT\system32\WINLOGON.EXE Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETF5.tmp Version: 5.131.2195.6824 *** Destination:C:\WINNT\system32\WINTRUST.DLL Version: 5.0.131.0 *** Source:C:\WINNT\system32\SETFA.tmp Version: 5.1.2600.1327 *** Destination:C:\WINNT\system32\winhttp.dll Version: 5.0.1.0 *** ---- New Information In The Registry ------ *** Source:c:\973ee628f2a8b52ee64f511636837ff2 Version: *** Destination: Version: *** Source:c:\6d3a162f9b5a04bb99f97b5f4ffd Version: *** Destination: Version: *** Source:c:\3928fe31ffe634249bea Version: *** Destination: Version: *** Source:c:\ac4165566af797da3366d09025 Version: *** Destination: Version: *** Source:c:\1a635ad07e9efaa80f119c Version: *** Destination: Version: *** Source:C:\WINNT\system32\_000002_.tmp Version: 5.0.2195.6656 *** Destination: Version: *** Source:C:\WINNT\system32\_000003_.tmp Version: 5.0.2195.6692 *** Destination: Version: *** Source:c:\bebde20982628e4db4c5e4eb290b6b Version: *** Destination: Version: *** Source:c:\b04ac7d7846fea53a9 Version: *** Destination: Version: *** Source:c:\94ee866ab40915189e08c2c4a5 Version: *** Destination: Version: *** Source:c:\186a5f5ec8762f89ee Version: *** Destination: Version: *** Source:C:\WINNT\system32\_000004_.tmp Version: 5.0.2195.6710 *** Destination: Version: *** Source:C:\WINNT\system32\_000005_.tmp Version: 5.0.2195.6695 *** Destination: Version: *** Source:C:\WINNT\system32\_000006_.tmp Version: 5.0.2195.6666 *** Destination: Version: *** Source:C:\WINNT\system32\_000007_.tmp Version: 5.0.2195.6680 *** Destination: Version: *** Source:C:\WINNT\system32\_000008_.tmp Version: 5.0.2195.6666 *** Destination: Version: *** Source:C:\WINNT\system32\_000009_.tmp Version: 5.0.2195.6697 *** Destination: Version: *** Source:C:\WINNT\system32\_000012_.tmp Version: 5.0.2195.6688 *** Destination: Version: *** Source:C:\WINNT\system32\_000013_.tmp Version: 5.0.2195.6685 *** Destination: Version: *** Source:C:\WINNT\system32\_000016_.tmp Version: 5.0.2195.6708 *** Destination: Version: *** Source:C:\WINNT\system32\_000017_.tmp Version: 5.0.2195.6699 *** Destination: Version: *** Source:C:\WINNT\system32\SETD4.tmp Version: 5.0.2195.6902 *** Destination:C:\WINNT\system32\LSASRV.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETD5.tmp Version: 5.1.2195.6899 *** Destination:C:\WINNT\system32\SCHANNEL.DLL Version: 5.0.1.0 *** Source:C:\WINNT\system32\SETD8.tmp Version: 5.0.2195.6824 *** Destination:C:\WINNT\system32\BASESRV.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETD9.tmp Version: 5.0.2195.6866 *** Destination:C:\WINNT\system32\browser.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETDA.tmp Version: 5.0.2195.6824 *** Destination:C:\WINNT\system32\CMD.EXE Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETDB.tmp Version: 5.131.2195.6824 *** Destination:C:\WINNT\system32\CRYPT32.DLL Version: 5.0.131.0 *** Source:C:\WINNT\system32\SETDD.tmp Version: 5.0.2195.6868 *** Destination:C:\WINNT\system32\cryptsvc.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETDE.tmp Version: 5.0.2195.6824 *** Destination:C:\WINNT\system32\dnsapi.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETDF.tmp Version: 5.0.2195.6876 *** Destination:C:\WINNT\system32\dnsrslvr.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETE0.tmp Version: 5.0.2195.6883 *** Destination:C:\WINNT\system32\EVENTLOG.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETE1.tmp Version: 5.0.2195.6898 *** Destination:C:\WINNT\system32\GDI32.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETE4.tmp Version: 5.0.2195.6903 *** Destination:C:\WINNT\system32\kerberos.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETE6.tmp Version: 5.0.2195.6824 *** Destination:C:\WINNT\system32\mpr.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETE7.tmp Version: 5.0.2195.6895 *** Destination:C:\WINNT\system32\MSGINA.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETE8.tmp Version: 5.0.2195.6897 *** Destination:C:\WINNT\system32\NETAPI32.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETE9.tmp Version: 5.0.2195.6891 *** Destination:C:\WINNT\system32\NETLOGON.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETEA.tmp Version: 5.0.2195.6896 *** Destination:C:\WINNT\system32\ntdsa.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETEB.tmp Version: 5.0.2195.6824 *** Destination:C:\WINNT\system32\PSBASE.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETEC.tmp Version: 5.0.2195.6893 *** Destination:C:\WINNT\system32\scecli.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETED.tmp Version: 5.0.2195.6903 *** Destination:C:\WINNT\system32\scesrv.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETEE.tmp Version: 5.0.2195.6894 *** Destination:C:\WINNT\system32\sfcfiles.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETF0.tmp Version: 5.0.2195.6897 *** Destination:C:\WINNT\system32\USER32.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETF1.tmp Version: 5.0.2195.6794 *** Destination:C:\WINNT\system32\USERENV.DLL Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETF2.tmp Version: 5.0.2195.6824 *** Destination:C:\WINNT\system32\w32time.dll Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETF3.tmp Version: 5.0.2195.6824 *** Destination:C:\WINNT\system32\w32tm.exe Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETF4.tmp Version: 5.0.2195.6898 *** Destination:C:\WINNT\system32\WINLOGON.EXE Version: 5.0.0.0 *** Source:C:\WINNT\system32\SETF5.tmp Version: 5.131.2195.6824 *** Destination:C:\WINNT\system32\WINTRUST.DLL Version: 5.0.131.0 *** Source:C:\WINNT\system32\SETFA.tmp Version: 5.1.2600.1327 *** Destination:C:\WINNT\system32\winhttp.dll Version: 5.0.1.0 *** IsRebootRequired: At least one file operation was delayed; reboot is required. If none are listed below, check above for delayed deletes. *** IsRebootRequired: c:\winnt\system32\wintrust.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\winlogon.exe was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\winhttp.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\w32tm.exe was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\w32time.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\userenv.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\user32.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\winsrv.dll was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\win32k.sys was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\ntdll.dll was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\kernel32.dll was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\sfcfiles.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\schannel.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\scesrv.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\scecli.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\samsrv.dll was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\dllcache\samsrv.dll was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\samlib.dll was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\dllcache\samlib.dll was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\psbase.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\ntoskrnl.exe was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\ntkrnlpa.exe was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\ntdsa.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\netlogon.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\netapi32.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\msv1_0.dll was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\dllcache\msv1_0.dll was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\msgina.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\msasn1.dll was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\dllcache\msasn1.dll was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\mpr.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\drivers\mountmgr.sys was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\dllcache\mountmgr.sys was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\lsass.exe was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\dllcache\lsass.exe was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\lsasrv.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\drivers\ksecdd.sys was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\dllcache\ksecdd.sys was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\kerberos.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\gdi32.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\eventlog.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\dnsrslvr.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\dnsapi.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\cryptsvc.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\crypt32.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\cmd.exe was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\browser.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\basesrv.dll was delayed; reboot is required. *** IsRebootRequired: c:\winnt\system32\advapi32.dll was no-delay replaced; reboot is required. *** IsRebootRequired: c:\winnt\system32\dllcache\advapi32.dll was no-delay replaced; reboot is required. *** DoInstallation: IsRebootRequired returned TRUE. *** VerifySize: Unable to verify size: Source = NULL: c:\winnt\oem1.cat *** RebootNecessary = 1,WizardInput = 0 , DontReboot = 1, ForceRestart = 0 *** *************************************************************** This is the manifest of the applied hotfixes: KB823559.exe KB819696.exe KB824105.exe KB823182.exe KB826232.exe KB828035.exe KB825119.exe KB828749.exe KB830352.EXE KB835732.EXE KB828741.EXE KB837001.EXE KB839643.EXE KB842526.EXE KB841872.EXE KB841873.EXE dtcsetup.exe KB840315.EXE KB839645.EXE ***************************************************************** This list does not include the Qchain utility. Also, it reflects the dtcsetup which was extracted from one of the patches so I could use command line switches with it. All advice is appreciated. -overworked-
  4. I'm not a heavy Linux user but, of the distributions I've seen (Red Hat, Suse...not but a brief look at Mandrake) Yellow Dog does an excellent job with their Mac distribution! Worth a look if you have the hardware sitting around and are bored or frustrated one day! -overworked-
  5. overworked

    Untitled thread

    Anyone have any good tips on taking apart commercial msi installer packages to make sure they don't overwrite your up to date system files? I've just started looking at the ORCA database editor....it appers that if you exclude all languages but English, Roxio 5.x will fit on about 10 MB of a CD rather than the whole CD that Adaptec use to distribute it. What I really need is a relational database of all the OS files, OS Patch files, reg keys and files/reg keys of all those *&^% applications we deliver. That way, you could easily search on the files and reg keys that are touched! ...just dreamin' What I REALLY need is a very long vacation! ...again, an unfortunate dream.... -overworked- PS: I guess Symantec Antivirus Corp. Ed. 9.X will be included in this question since they have parted with their custom installer (no loss there)....
  6. Well, I tried to delete the pagefile.sys by going into performance options and selecting a file size of 0 bytes. This appeared to remove the pagefile. Then when I rebooted W2K created a new small page file for me. The same error persists. I've compared the registry settings for ftdisk.sys on well behaved systems and errant systems from the new deployment. I am fairly certain MS has created a file mismatch for me with KB835732 (MS04-011). 25-Feb-2004 23:55 5.0.2195.6902 1,699,904 Ntkrnlmp.exe 25-Feb-2004 23:55 5.0.2195.6902 1,699,264 Ntkrnlpa.exe 25-Feb-2004 23:55 5.0.2195.6902 1,720,064 Ntkrpamp.exe 11-Mar-2004 02:37 5.0.2195.6902 1,726,032 Ntoskrnl.exe These are the files that I think may be related to the problem. I found a MS bulletin that said these files were replaced in SP4 to cure the same error....although the file versions were earlier. To avoid finding old files delivered in my deployment, I usually have to take apart the cab files, update them and put them back together in the deployment. Thus, these files would not only be included in the I386 directory but also the SP4 cab file. I have seen older versions of files pulled out of cabs too many times (even with the appropriate security cats in place). Also, I noticed that ftdisk.sys was not replaced in the KB835732 patch. I guess my next step will be to put together a deployment excluding this patch and apply the patch at the end of the deployment as you would with a previously installed OS. If the test system without this patch does not have the error and by applying this patch the error shows up, we'll know that this patch is responsible. Also, I'll take a snapshot of the registry before and after, in the event that the error doesn't appear, I'll look for differences in the registry that may cause the problem.....If I had to do his for all the MS patches, I'd QUIT! I'll let you know what I find....although it may be a few days (this is my part-time job). -overworked-
  7. FYI Windows XP SP2 doesn't recognize Symantec Anti-Virus Corp. Ed. 8 as valid anti-virus software. Corp Ed. 9 is supposedly recognized. -Overworked-
  8. I recently slipstreamed SP2 into Windows XP the same way I slipstreamed SP1 into the same and SP 3 and 4 into W2K. Unfortunately, now when I boot off my freshly slipstreamed WXPSP2 media, it prompts me for the SP2 CD. This sorta defeats the purpose of incorporating SP2 into the original media. If anyone else has found a work-around for this, I'd love to hear about it. Thanks, -Overworked-
  9. The Evil Empire doesn't like me! Recently, I have completed slipstreaming SP4 and all the SP5 hotfixes into a W2K distribution. In testing this it has become apparent that something isn't quite right. I get an event 49 ftdisk error configuring the page file for crash dump on all the test machines. Searching the docs for this error leads to 2 situations/solutions which do not apply. 1) This error can occur when you increase the RAM in a machine without increasing the page file accordingly. Then if the machine crashes, the page file is too small for the memory dump. 2) An error that was supposedly fixed with SP4 and included version 5.0.2195.5505 of Ntkrnlmp.exe, Ntkrnlpa.exe, Ntkrpamp.exe and Ntoskrnl.exe. I'm at version 5.0.2195.6902. I have compared the version and MD5 of ftdisk.sys being deployed and running on machines that don't exhibit this error. They are the same. I have examined the registry of well behaved machines vs. those of the test machines. I'm at a complete loss. Aside from pulling out the SysInternals tools and looking at what files are involved prior to the error being generated, I just don't know what else to do. If anyone has encountered this problem and has a solution I sure would like to hear about it. Wading through Filemon and Regmon logs just isn't my forte. Regards, -Overworked-
  10. The best way I have found of implementing IE6 patches into the base install is to use the IEAK. This is supposed to download the latest and greatest from the Evil Empire and incorporate it into your distribution. Unfortunately, it doesn't work with the latest patches according to the MS Baseline Security Analyzer. As a fix for this I disassembled the IEMIL_1 - IEMIL_4 cab files in the downloaded directory of the IEAK. Then, I inserted the correct files with their associated security catalogues and compressed it back into a cab file. Same for MAILNEWS and WEB cabs for LookOut! Express. Now the unattended installation halts when installing LookOut! Express and informs me that files in the OE "5" installation are not signed. I think I can work around this by specifying a different driver signing policy when the installation starts and going back to the driver signing policy at the end. However, I don't know how I'm going to diagnose and correct the following error associated with my deployment: Event 49 Ftdisk Error - Error configuring page file for crash dump. The page file starts at 1.5x the physical memory in the machine and caps at 2x. This should be plenty for a crash dump. MS references a fix for this back in SP4. My deployment is post SP4 and includes all of the hotfixes released. The files noted in the SP4 fix are Ntkrnlmp.exe, Ntkrnlpa.exe, Ntkrpamp.exe and Ntoskrnl.exe. MS gives a file version of 5.0.2195.5505. I'm at 5.0.2195.6902. The version of Ftdisk.sys I'm deploying is the same version that works on other machines without this error 49. Good luck in trying to patch everything up, it has been an ongoing project for at least 6 mo. with me. I have revised my original goal. Now, I just want to patch everything deployed by the original W2K CD with the addition of IE6PostSP1. If you come across any leads on the ftdisk error 49 thing, please pass them along. Cheers, Overworked [Edited by overworked on 2004-08-12 21:22:20]
  11. Are you seeing any messages about "harddrive 1 has drive cache enabled which may lead to data corruption...or something to that effect" in the eventlogs? Also, what vendor and BIOS revision are you using? No answers yet....a few huntches I'd like to explore further.... -overworked-
  12. Well, to answer part of my own question.... I've found that from Novell Console One you can export registry entries from the AXT/AOT files by editing the application object and simply right clicking on the part of the registry you want and select export....yes, I'm depriving a village of an IDOT. As for the ">" question....no answers yet.
  13. Well, to answer part of my own question.... I've found that from Novell Console One you can export registry entries from the AXT/AOT files by editing the application object and simply right clicking on the part of the registry you want and select export....yes, I'm depriving a village of an IDOT. As for the ">" question....no answers yet.
  14. overworked

    Help...Entry point errors

    In the bad old days of W2K SP2, I would occasionally have to uninstall Adeptec/Roxio...it seemed to get tied up with the Dell Management stuff. In order to resolve the problems, I would have to uninstall both Roxio and Dell management stuff. Then I could reinstall Roxio and all was well. The Dell management stuff should have been deleted from the machine when it came in the door but was neglected or overlooked. If you can uninstall other software that may be causing problems and get to a stable platform, try patching to SP4 (it really is better than SP2!) and then reinstall Roxio. -overworked-
  15. Well for all of those who have recently tried to slipstream the latest Microsoft patches into their work, you will have noticed that they dropped the ball again! KB835732 which replaces KB824141 workes with most of the files it is supposed to replace/deploy. Unfortunately, rdpwd.sys doesn't make it to the winnt/system32/drivers folder. All the other files in the same patch deploy just fine. I would venture a guess that somehow it got left out of their security catalog....ugh! I'm not even sure it get's deployed properly in KB824141. I'm trying to deploy it like an OEM file now, we'll see how that goes. If the security catalog is wrong, I wouldn't want to do a sfc /purge on that system! Anyone else run into this mess?
×