# One More Time--Kernel32 Problems



## rslack (Jul 17, 2004)

I've read and re-read most all the stuff re: Kernel32 problems but I'll be darned if I can pinpoint the cause of my problem. I get the following error msgs with various programs:

MRW caused an invalid page fault in
module KERNEL32.DLL at *016f:bff7b9a6*.
Registers:
EAX=00000000 CS=016f EIP=bff7b9a6 EFLGS=00000246
EBX=01224240 SS=0177 ESP=006ef630 EBP=006ef644
ECX=01224240 DS=0177 ESI=012242a8 FS=5fd7
EDX=01330e9c ES=0177 EDI=012242a8 GS=0000
Bytes at CS:EIP:
ff 76 04 e8 13 89 ff ff 5e c2 04 00 56 8b 74 24 
Stack dump:
01224240 708feb72 012242a8 00000000 01330ea0 006ef684 708fe278 01330ea0 0000000d 006ef66c 00000001 01224240 00000012 00000000 819d170c 00000000

PCBUGDOCTOR caused an invalid page fault in
module KERNEL32.DLL at *016f:bff7b9a6*.
Registers:
EAX=00000000 CS=016f EIP=bff7b9a6 EFLGS=00000246
EBX=00000000 SS=0177 ESP=0065f034 EBP=0065f048
ECX=00781cb0 DS=0177 ESI=00781d18 FS=6127
EDX=00675a78 ES=0177 EDI=00781d18 GS=0000
Bytes at CS:EIP:
ff 76 04 e8 13 89 ff ff 5e c2 04 00 56 8b 74 24 
Stack dump:
00781cb0 708feb72 00781d18 00781d70 00675af0 0065f06c 708fc50f 0067612c 00001000 0065f068 00000000 00675af0 00000000 00000000 0065f088 708f6cbe

You'll notice that the memory address is the same in both error msgs --- However, it's not a faulty memory module because I changed the memory strips and get the same address. Also of interest is that the "Registers" and the "Bytes at CS:EIP" are the same. Only the "Stack Dump" is different.

I've tried most of the "fixes / problem areas" that are listed below

The following conditions can cause KERNEL32.DLL error messages:


Damaged swap file -------- deleted and started new one
File allocation damage ------ ran scan-disk-- no problems
Damaged password list -------- deleted
Damaged/incorrect version KERNEL32.DLL file ---- re-installed from C prompt
Damaged registry --- Not sure how to fix this
Hardware, hot CPU, over clocking, broken power supply, RF noise, ground bounce, or bad hard disk controller 
BIOS settings for Wait states, RAM timing, or other BIOS settings --none changed
Third-party software that is damaged or incorrectly installed -- Safe Mode = no change
.DLL files that are saved to the desktop ---- none
Non-existent or broken Temp folder --Temp folder present --how can it be "broken"
A control panel (.CPL) file is damaged --appears OK--
Incorrect or damaged hardware driver 
Incorrectly installed printer drivers or HP Jetadmin drivers --wouldn't starting in safe mode eliminate this possibility ?
Damaged Java Machine 
Damaged .LOG files 
Damaged entries in the History folder --- all files deleted--no change
Incompatible or damaged dynamic link library files -- not sure how to check--tried to run a program that would check this but got the Kernel32 error
Viruses -- none found
Damaged or incorrect MSINFO32.EXE file --- works OK
Low disk space -- no
Other problems that depend on the Kernel file --- ????


Anyone want to take up the challenge here ?


----------



## Tumbleweed36 (Feb 13, 2004)

Hi,

Hope this wasn't listed and I missed it, but here it goes anyway:

http://www.all-windows.com/kernel32.html


----------



## WhitPhil (Oct 4, 2000)

The address shown is not a RAM one, but rather a virtual address.

Some kernel errors can be caused by spyware. Have you done a SpyWare check?

As well, get a second opinion on viruses.


----------



## rslack (Jul 17, 2004)

I'm sorry I took so long in getting back on the forum. 

Mark--I have seen / worked that page. Not ALL of it but most. Guess I was hoping for a fast & easy cure. Guess I'll have to keep plugging away.

Whit----OK--it's a virtual address. How does that help me or does it? And yes, I have done a spyware / adware / virus / scandisk / file scan (for corrupt or damaged files) but to no avail.

I did do one test from the C: prompt ie: registry /fix (I think that was it) and got an error msg to the effect that the C drive was too small and I needed to make more room in order for the 'fix' to take place OR re-install windows in a different file folder. Well, C drive has an extra 1 gig of space Shouldn't that be enough? And--If I re-install Windows (I have 98SE) to another folder, 1. How is that done? 2. How do I designate that that Windows be used ? 3. Should I put it in a folder in one of my other (partioned) drives ? 4. If I do then how do I designate that drive to be my primary drive ie: start-up drive? By going into the BIOS?

OK--enough questions for now. Thanks guys for your help.


----------



## rslack (Jul 17, 2004)

By the way---I've tried to install 2 or 3 "Fix-It" software programs ( Registry Mechanic and PC Bug Dr ) but can't get them to start up because of ---------you guessed it--a kernel32 error. :>)


----------



## WhitPhil (Oct 4, 2000)

I realize that you have done a virus check. Have you done a second one, with a second product, such as HouseCall.

It may be useful to see the exact error message you are getting, and confirm that it was from Scanreg/Fix.

If you restart and run in Safe mode, do you get any Kernel32 errors?

It may also be useful to see a HiAJackThis log.


----------



## rslack (Jul 17, 2004)

Hi Whit--
No I did not do another virus scan with a different product. I'll see what House Call is all about. Yes, I get the same error message in Safe Mode. Below is the error message I get with scanreg /fix. Below that is the HJT log. (The scan got to 70% complete when the message popped up.)

Thanks for your time. I really appreciate it!

SCANREG /FIX ERROR MSG.
"Windows found an error in your system files and was unable to fix the problem. Try deleting some files to free up disk space on your Windows drive. If that doesn't work, then you will need to install Windows to a new directory."

Logfile of HijackThis v1.97.7
Scan saved at 10:38:17 PM, on 08/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\PROGRAM FILES\DUAL WHEEL MOUSE\4DMAIN.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\E_S4I2G1.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPCLIENT.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMON32.EXE
C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOTASKBARICON.EXE
D:\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SBC SELF SUPPORT TOOL\BIN\MPBTN.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
D:\UTILITIES\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.refer=slv&.intl=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F1 - win.ini: load=C:\windows\system\spool32.exe
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\UTILITIES\FRESHDOWNLOAD\FDCATCH.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBEACROBAT\ADOBEACROBAT5\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\PROGRAM FILES\YAHOO!\COMMON\YCHECKH.DLL
O2 - BHO: (no name) - {1B77D30A-81C9-497A-8647-142F7511B1FB} - D:\Utilities\CSS\IEGUARD.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\UTILIT~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\PROGRAM FILES\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\PROGRAM FILES\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Dual Wheel Mouse\4DMAIN.EXE -startup
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\SYSTEM\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O7 "EPUSB1:" /M "Stylus CX5400"
O4 - HKLM\..\Run: [IPInSightLAN 03] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 03] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMon32.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\PROGRAM FILES\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\SYSTEM\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /M "Stylus CX5400" /EF "HKCU"
O4 - Startup: Image & Restore.lnk = C:\PROGRAM FILES\McAfee\McAfee Office\Nuts & Bolts\IMAGE32.exe
O4 - Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\resource.dll
O4 - Startup: Kodak EasyShare software.lnk = D:\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: SystemSuite.lnk.disabled
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Dictionary (HKLM)
O9 - Extra 'Tools' menuitem: Dictionary (HKLM)
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar	&2 (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms	&] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms	&[ (HKLM)
O9 - Extra button: Identities (HKLM)
O9 - Extra 'Tools' menuitem: Identities	&, (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.ameritech.net/redirect/start.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {C54A28A1-5EBF-11D5-9F0E-00A0C99A7357} (SpeedCtl Class) - http://iweb.intertainer.com/eod/downloads/SpeedTest.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_1_3_0.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37866.1608912037
O16 - DPF: {6F5BBBF0-1978-11D5-8591-009027889212} (Ontrack EasyUpdate Web) - http://download1.burnadisc.com/files/pagedepot/vcom/EasyUpdate/ASP/npEZUWeb.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003012801/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,4,0,4250/mcfscan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v44/collapse/collapse.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab


----------



## rslack (Jul 17, 2004)

bump


----------



## WhitPhil (Oct 4, 2000)

The Kernel error and Scanreg error may be related. I see that you are not running ScanRegistry in your startups. This means that you are not taking daily registry backups AND you are not allowing the registry to be periodically Optimized (run with the /OPT switch).

Restart to DOS and enter

Scanreg /Opt

The OPT parameter is used to reduce the "unused" space in the registry that results from items being deleted. (they are still there, can't be seen but are taking up space).

If this runs to completion, try the /FIX run again.

If you get the same error, we may need to use a Reg Cleaner to reduce the Registry Size.

From Explorer, browse to \Windows
What are the sizes of SYSTEM.dat and USER.dat?

There is also some housecleaning that we can do in your startups but I don't see anything that looks suspicious.


----------



## rslack (Jul 17, 2004)

Thanks--I'll do it now


----------



## rslack (Jul 17, 2004)

ran scanreg /opt ---- this only took very short while (< 1 min ) and no indication on screen that anything was being done(is this right?)---- then ran scanreg /fix with the same result as above (stopped at 70% done with error msg of not enough room, change windows dir., etc)

Sytem dat file = 13,393kb
user dat file = 1,981kb


----------



## WhitPhil (Oct 4, 2000)

Ok. 
We need to get the overall size of the Registry down. As you have discovered, Scanreg doesn't work when it gets into the 10MB and above range.

Since you have not been running Scanreg at boot time (for whatever period of time), I expect a lot of the size may be related to "unused"/deleted space.

So, try the following. BEFORE you do this ensure that you have at least a couple of registry backups created using Scanreg/Backup (these will be under \Windows\Sysbckup).

This procedure, called ShopVac was built in the Win95 days before Scanreg. (and ignore the blather about removing invalid and junk registry keys. It doesn't do this).

Briefly, what it does is an unload of the registry to a text file, and then a reload of the registry from the text files. As a result of the reload, the resulting registry contains no unused space and will be smaller in size. In your case, hopefully substantially.
(This rebuild is also what \FIX essentially does without doing it to text files)

And, as the note indicates it can/will take some time, so be patient.

So, open Notepad and Copy/Paste the first part of the red code from 
Rem {begin code]
down to
Exit

Save the file as C:\Shopvac.bat

Do the same with the code that follows and call it C:\Undo.bat

Now, shutdown and on the bootup hit F8 to get to a Command prompt (or boot with a boot disk and get to the C:\ prompt)

At the prompt enter

SHOPVAC

and sit back

When it finishes, reboot.


----------



## rslack (Jul 17, 2004)

Hi Whit--
Somehow I missed your last posted response so I just saw it this morning. The use of Shopvac sounds great. Thanks. Now if it just works, I'll be a very happy camper. I'll let you know what happens. Thanks again.


----------



## rslack (Jul 17, 2004)

OK--not a happy camper!!

When I ran Shopvac, I got the following (not verbatum, just the highlights):

Now exporting the registry and making backup
unable to open registry (1,016) - c:windowssystem.dat
unable to open registry (1,016) - c:windowsuser.dat
Now checking for old Shopvac files and making redundant backups
blah ,blah renaming rebuilding etc--------
Now rebuilding system.dat
cannot import c:system.txt:error opening file
Now rebuilding user.dat
cannot import c:user.txt:error opening file

Shopvac 2000 is done

Had to run undo.bat in order for me to re-boot successfully. (obviously had messed up the system and user dat files)

When you stated this:

So, try the following. BEFORE you do this ensure that you have at least a couple of registry backups created using Scanreg/Backup (these will be under \Windows\Sysbckup).

Is Scanreg/backup done at the c:/prompt ? Is there supposed to be a space between scanreg and /backup ? Can this be done at the c:/ prompt within windows ?


----------



## WhitPhil (Oct 4, 2000)

Ok.

I just took a look at the batch file code and the reason you received the error is because it is looking for a registry called
c:\windowsystem\system.dat instead of
c:\Windows\System\System.dat

So, we can try again. I have attached copies of the Shopvac and Undo files that I have "fixed". (rename the TXT files to REG)

If you wish, you can restore the Scanreg backup that you took before this happened.
OR, just leave it alone, and give THIS version of Shopvac a try.

Before doing so, from Explorer under \Windows\Sysbckup check the datestamps on the RB***.cab files and note the name of the one created when you did your backup.

As well, as another safety precaution, I would do a copy/paste on this file to save another copy. Also, rename it to something like REGSAVE.cab so that we can get at it easily from DOS, if required.


----------



## rslack (Jul 17, 2004)

I thought that it didn't look right but who was I to say?

OK-copied and renamed cab file and put it in C: 

Copied the 2 txt files to C: and renamed w/.reg

Gonna run Shopvac-----cross your fingers


----------



## rslack (Jul 17, 2004)

Whit
Shouldn't the Shopvac.txt be renamed to a .bat file (undo file also)?


----------



## WhitPhil (Oct 4, 2000)

Sorry, don't know where my head was.

Yes BAT files!!!


----------



## rslack (Jul 17, 2004)

Hey Whit--
Sorry I haven't gotten back to you.
OK--I ran the new script for Shopvac. Seems to have worked but--------when the program ended 9I wasn't able to watch the progress. Had to go to work. When I got home, this was on the screen:

c:\windows> Ren system.dat *.dbt
c:\windows> Ren user.dat *.dbt

Build new registry

c:\windows> regedit /1 :c:\windows\system.dat /c c:\system.txt
cannot import c:\system.txt: Error accessing the registry

c:\windows> regedit /1 :c:\windows\user.dat /c c:\system.txt
cannot import c:\user.txt: Error accessing the registry

The previous registry has been restored

------------------------------------------------
Summary

The old registry files are renamed as system.dbt / user.dbt and user.txt / system.txt


So-------was this what was supposed to come up? Did it clean up all the dead space? My computer appears to be performing correctly although guess what? ------I still get the kernel32 error. Gee, what a surprise :>)

When I go to bed tonight, I'm going to run the scanreg /fix and see if I get the same error msg.


----------



## rslack (Jul 17, 2004)

Whit--
Just checked the system.dat file. It's the same size,13,393kb. User.dat is now 2,077kb which is slightly larger than it was.

Don't know if the above means anything. Just thought I'd report it to you.

This is an aside------while I switch from page to page here, I keep getting this msg. pop up "Spybot S&D has blocked download of Avenue A, Inc." This attempted download and subsequent block by Spybot sometimes prevents the page from fully loading. This is not the only site on which this happens. So-----do you know what Avenue A, Inc. is ? Obviously, it's probably spyware but why is it only showing up on some sites and, in particular, why is it showing up on this site??


----------



## WhitPhil (Oct 4, 2000)

Last one first, Avenue A, is an Advertising site that makes use of cookies in order to do it's thing. And, it "may" use an actual URL. 
It is obviously one that SpyBot is "protecting" you from. But, if these are sites you want to visit, just make Avenue A an acceptable one.

Shopvac:

What BAT files are you running?
The output does NOT look like the contents of the Shopvac.txt file that I attached because the regedit lines are wrong.

c:\windows> regedit /1 :c:\windows\system.dat /c c:\system.txt
c:\windows> regedit /1 :c:\windows\user.dat /c c:\system.txt

should be 

regedit /l:c:\windows\system.dat /e c:\system.txt
regedit /r:c:\windows\user.dat /e c:\user.txt 

That's an ELL not a one and in the second line the load of user.dat comes from user.txt NOT system.txt

And the "The previous registry has been restored" came from ????
You ran the UNDO.bat file???


Or are the typos above just yours as you transcribed the errors??


----------



## rslack (Jul 17, 2004)

Sorry Whit--This is what it should have looked like after Shopvac ran. (everything within the ***)

****************************************************************
c:\windows> Ren system.dat *.dbt
c:\windows> Ren user.dat *.dbt

Build new registry

c:\windows> regedit /l:c:\windows\system.dat /c c:\system.txt
cannot import c:\system.txt: Error accessing the registry

c:\windows> regedit /l:c:\windows\user.dat /c c:\user.txt
cannot import c:\user.txt: Error accessing the registry

The previous registry has been restored

------------------------------------------------
Summary

The old registry files are renamed as system.dbt / user.dbt and user.txt / system.txt

****************************************************************
I did screw up -- a little -- when I transcribed. But, I notice you have an 'e' after system.dat / and user.dat / and I have a 'c'. I don't think I made a mistake here or did I?

I don't know where this, 

"And the "The previous registry has been restored" came from ????
You ran the UNDO.bat file???"

I didn't run the undo.bat

Maybe I should have told you that my life generally follows "Murphy's Law"-- if it can screw up, it will. And all the other Murphyisms usually apply too.

OK--so now what Chief?? I await with baited breath.


----------



## WhitPhil (Oct 4, 2000)

Yuk!!

There is an MS KB note on that Reg error, but for Win95, and I could find no Win98 references. But, it talks about one of the keys being too large (HKCR).
And, I have no idea where that Registry Restore message is coming from. Especially if it is after the errors and before the Summary!! It's as if Windows stepped in when it saw the reg failure, and did a Registry Restore. But, since we are at the DOS level, this really shouldn't/can't be happening.

Just to confirm, you DID boot up to a Command prompt (or use a boot disk) before running the bat files?

My only thought is to start UNinstalling applications that you have installed that you no longer use, in an attempt to chop down the size of some of these keys.
We can also run a reg cleaner first, like EasyCleaner in an attempt to remove some unused reg entries.

Hang tough for a bit, and see if anyone else has some thoughts on a way forward. In the interim, you could start reviewing what you have installed that is unnecessary in preparation for some unnstalling.

There are probably some other reg cleaners, like MruBlaster that can also be run to try and shrink the size!


----------



## rslack (Jul 17, 2004)

"Just to confirm, you DID boot up to a Command prompt (or use a boot disk) before running the bat files?"------Yes

"There is an MS KB note on that Reg error----" ----could you let me know where you found this?

So you think that Shopvac DID NOT do what it was supposed to do ??

"And, I have no idea where that Registry Restore message is coming from. Especially if it is after the errors and before the Summary!! It's as if Windows stepped in when it saw the reg failure, and did a Registry Restore. But, since we are at the DOS level, this really shouldn't/can't be happening."---------Don't you just love computers!!?

When speaking of registry size, on average, just how big/small is the registry? 

Where can you go or is there any singular file that lets you know just how big a registry is?

Just for the heck of it, I'm going to run Shopvac and/or Scanreg /fix again and see what happens. I'll get back to you.


----------



## WhitPhil (Oct 4, 2000)

REGEDIT May Not Be Able to Import Registry with Large Keys

As I said above, all the Shopvac file is doing, is exporting the System and User registry files, to Text files. Then, deleting the existing registry files, and rebuilding the registry by importing the 2 text files back in.

So, the Export has worked, but the import is failing, and I am guessing that this is due to some large key in the Registry that Regedit can not build during the import.

As for a typical size. That depends on what you have installed on the PC, AND on whether Scanreg is periodically getting rid of the unused space. But, on a "typical" PC, this size would be in the 5 to 10MBs range.

And, once it gets above 10 (regardless of whether a large key is involved), Scanreg has trouble.

So, the ways to reduce the size are
1. Export/Import thus eliminating the unused space
2. Uninstalling programs to create more unused space BUT in the process reducing the size of some of the registry keys
3. Running Registry cleaners - again to delete (and create unused space) any entries that are no longer required due to (primarily) uninstall programs that do not do a good job of cleaning all entries from the registry.

So, if you run the fix again, I'm betting that if will fail, as will another run of Shopvac.

You could try, doing multiple scanreg / Opt runs (ie 2 or 3 in a row). In theory there should be not difference, but may be worth a shot.
When done, see if the size of System.dat is any smaller than when you started.

Before you do this, download and run MRUBLASTER and let it clean everything it finds.

It will definitely delete unnecessary entries from the registry, and just may create enough unused space, that scanreg/opt will kick in and actually reduce the size.


----------

