Help Please,

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I must have deleted a necessary file off of my computer and now I can't open
any files or run any programs from my desktop shortcuts. For example, when I
try to open Microsoft Word I get the following message: Error, Windows
cannot find 'null', make sure you typed the name correctly and then try
again. Does anyone know which file I could have deleted and how to get it
back again?
 
Bob

Is there an Error Report in the Application section of Event Viewer? If
yes please post a copy.

You can access Event Viewer by selecting Start, Administrative Tools,
Event Viewer.
When researching the meaning of the error, information regarding Event
ID, Source
and Description are important.

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308427&Product=winxp

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the
error you want to copy. In the window, which appears is a button
resembling two
pages. Double click the button and close Event Viewer. Now start your
message
(email) and do a paste into the body of the message. This will paste the
info from the
Event Viewer Error Report complete with links into the message. Make
sure this is
the first paste after exiting from Event Viewer.

--


Hope this helps.

Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA

Using invalid email address

Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.



~~~~~~~~~~~~~~~~~~~~~~~~
..
 
thanks Gerry

I have 2,317 events in my event viewer. I have several from this evening
but when I try to create a new one by replicating the error (clicking on
Microsoft Word on the desktop for example) I don't get any new events. The
last one was about 1 1/2 hours ago. I have copied three of them below. One
is an application, one is security the other system

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1002
Date: 11/4/2005
Time: 5:58:52 PM
User: N/A
Computer:
Description:
The shell stopped unexpectedly and explorer.exe was restarted.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 11/4/2005
Time: 7:03:09 PM
User: NT AUTHORITY\NETWORK SERVICE
Computer:
Description:
Successful Logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-000000000000}

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 11/4/2005
Time: 7:03:35 PM
User: N/A
Computer:
Description:
The WMI Performance Adapter service entered the stopped state.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
 
Bob

Concentrate on Error Reports where the Event Type is "Error".

You can filter. View, Filter.


--


Hope this helps.

Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA

Using invalid email address

Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.



~~~~~~~~~~~~~~~~~~~~~~~~
 
Application error on Tuesday of this week which is when the problem first
happened

Event Type: Error
Event Source: MSN Error Reporting
Event Category: None
Event ID: 1000
Date: 11/1/2005
Time: 1:13:26 AM
User: N/A
Computer:

Description:
The description for Event ID ( 1000 ) in Source ( MSN Error Reporting )
cannot be found. The local computer may not have the necessary registry
information or message DLL files to display messages from a remote computer.
You may be able to use the /AUXSOURCE= flag to retrieve this description; see
Help and Support for details. The following information is part of the event:
msn.exe, 9.10.11.1703, seal.dll, 9.10.11.1703, 000729c2.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 73 6e ure msn
0018: 2e 65 78 65 20 39 2e 31 .exe 9.1
0020: 30 2e 31 31 2e 31 37 30 0.11.170
0028: 33 20 69 6e 20 73 65 61 3 in sea
0030: 6c 2e 64 6c 6c 20 39 2e l.dll 9.
0038: 31 30 2e 31 31 2e 31 37 10.11.17
0040: 30 33 20 61 74 20 6f 66 03 at of
0048: 66 73 65 74 20 30 30 30 fset 000
0050: 37 32 39 63 32 0d 0a 729c2..



System error that happened tonight

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 11/4/2005
System error

Time: 9:01:04 PM
User: N/A
Computer:
Description:
The xadz service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
 
hi bob
try searching support for problems with ".lnk" (that is an L) extension - if
you have changed your mouse to 1 click instead of a double click at any time
to open files this problem can occur - what happens is that all the link
files seem to malfunction - i eventually found the answers to solve the
problem
 
Bob

I am wondering about spyware, The reference to the xadz service is
strange.

When dealing with a persistent virus / trojan you need to delete system
restore points and not use them as they will contain the virus and put
it back into your system. Turn off System Restore until cleaning is
finished. Also run your anti-virus with updated definitions in safe
mode. Sometimes you need to run an anti-virus from a floppy and Trend
offer one that can be used.

Create a new folder named Sysclean (e.g., C:\Program files\Sysclean, or
just a desktop folder).
Download Sysclean.com (http://www.trendmicro.com/download/dcs.asp) and
place it in this folder.

Download the latest Controlled Pattern Release zip
(http://www.trendmicro.com/download/pattern.asp, e.g., lpt123.zip) and
extract its contents to the same folder. See the Readme text file for
additional instructions.

Delete Temporary Internet Files (IE Tools>Internet Options>General)
accepting the option to delete all offline content. Reboot and delete
contents of all TEMP folders and then your Recycle Bin.

Close all running programs including your anti-virus application, go
offline, and run Sysclean. For best results, do nothing with the machine
until the scan completes.

If the scan shows any infections in System Restore files and you're
running WinXP, create a new Restore Point
(Start>Programs>Accessories>System Tools>System Restore), then delete
all but the most recent Restore Point (Start>Programs>Accessories>System
Tools>Disk Cleanup>More options).

Work through the spyware removal programmes etc in turn in safe mode
until you get no results.

Afterwards, update your own anti-virus application and perform another
full system scan.

Finally run HijackThis and post the HijackThis log to the HijackThis
forum here:
http://aumha.net/

You will need to register with Aumha to be able to post.

--


Hope this helps.

Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA

Using invalid email address

Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.



~~~~~~~~~~~~~~~~~~~~~~~~

Bob said:
Application error on Tuesday of this week which is when the problem
first
happened

Event Type: Error
Event Source: MSN Error Reporting
Event Category: None
Event ID: 1000
Date: 11/1/2005
Time: 1:13:26 AM
User: N/A
Computer:

Description:
The description for Event ID ( 1000 ) in Source ( MSN Error
Reporting )
cannot be found. The local computer may not have the necessary
registry
information or message DLL files to display messages from a remote
computer.
You may be able to use the /AUXSOURCE= flag to retrieve this
description; see
Help and Support for details. The following information is part of the
event:
msn.exe, 9.10.11.1703, seal.dll, 9.10.11.1703, 000729c2.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 73 6e ure msn
0018: 2e 65 78 65 20 39 2e 31 .exe 9.1
0020: 30 2e 31 31 2e 31 37 30 0.11.170
0028: 33 20 69 6e 20 73 65 61 3 in sea
0030: 6c 2e 64 6c 6c 20 39 2e l.dll 9.
0038: 31 30 2e 31 31 2e 31 37 10.11.17
0040: 30 33 20 61 74 20 6f 66 03 at of
0048: 66 73 65 74 20 30 30 30 fset 000
0050: 37 32 39 63 32 0d 0a 729c2..



System error that happened tonight

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 11/4/2005
System error

Time: 9:01:04 PM
User: N/A
Computer:
Description:
The xadz service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Click to expand...
 
When dealing with a persistent virus / trojan you need to delete system
restore points and not use them as they will contain the virus and put
it back into your system. Turn off System Restore until cleaning is
finished. Also run your anti-virus with updated definitions in safe
mode. Sometimes you need to run an anti-virus from a floppy and Trend
offer one that can be used.

Create a new folder named Sysclean (e.g., C:\Program files\Sysclean, or
just a desktop folder).
Download Sysclean.com (http://www.trendmicro.com/download/dcs.asp) and
place it in this folder.

Download the latest Controlled Pattern Release zip
(http://www.trendmicro.com/download/pattern.asp, e.g., lpt123.zip) and
extract its contents to the same folder. See the Readme text file for
additional instructions.

Delete Temporary Internet Files (IE Tools>Internet Options>General)
accepting the option to delete all offline content. Reboot and delete
contents of all TEMP folders and then your Recycle Bin.

Close all running programs including your anti-virus application, go
offline, and run Sysclean. For best results, do nothing with the machine
until the scan completes.

If the scan shows any infections in System Restore files and you're
running WinXP, create a new Restore Point
(Start>Programs>Accessories>System Tools>System Restore), then delete
all but the most recent Restore Point (Start>Programs>Accessories>System
Tools>Disk Cleanup>More options).

Work through the spyware removal programmes etc in turn in safe mode
until you get no results.

Afterwards, update your own anti-virus application and perform another
full system scan.

Finally run HijackThis and post the HijackThis log to the HijackThis
forum here:
http://aumha.net/

You will need to register with Aumha to be able to post.

--


Hope this helps.

Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA

Using invalid email address

Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.



~~~~~~~~~~~~~~~~~~~~~~~~
 
thanks to everyone. I will try the suggestions and see how it goes

I know that I tried to recreate the shortcut and with some files (like
Excel) the shortcuts work, with some files it doesn't work
 
I can't open up my mouse settings in the control panel because of this
problem. it says "windows can't find rundll32.exe, make sure you spelled the
name correctly....." any thoughts?
 
Bob

More evidence of a malware attack.

Download and run CWShredder,in safe mode.
http://www.spywareinfo.com/~merijn/files/cwshredder.zip

Then try Start, Run, type "sfc /scannow" without quotes and hit Enter.
Description of Windows XP and Windows Server 2003 System File Checker
(Sfc.exe)
http://support.microsoft.com/default.aspx?scid=kb;en-us;310747

There may be further corrective measures but you need to carry out the
other cleaning measures I have suggested. Restoring the machine to full
running order is stage 2.

--


Hope this helps.

Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA

Using invalid email address

Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.



~~~~~~~~~~~~~~~~~~~~~~~~
 
Back
Top