
Thread: Please help get rid of smitfraud remnants

  1. #111
    Esteemed Security Expert: Emeritus
    Join Date
    Feb 2006
    Posts
    367

    Default

    You sent me two copies of the filemon report by mistake. Can you please double check and send me the real Regmon report? Thanks.

  2. #112
    Member
    Join Date
    Dec 2006
    Posts
    81

    Default

    I've just emailed you the files.

    thx

  3. #113
    Esteemed Security Expert: Emeritus
    Join Date
    Feb 2006
    Posts
    367

    Default

    I'm not seeing anything in the logs except maybe a possible language issue. And I can't test that here.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\My Pictures SUCCESS "%USERPROFILE%\Τα έγγραφά μου\Οι εικόνες μου"
    Does this folder exist?


    "%USERPROFILE%\Τα έγγραφά μου\Οι εικόνες μου"



    When Smitfraudfix runs, it sets your wallpaper to nothing.

    Are you saying that then you can go in and change it to anything you like? But then after a restart, you can't?

    I had thought you said that you just can't change it at all.

    Can you clarify?

    What language is your System set to please?

    Can you send me a copy of your custom.theme file when you have the problem please?
    Last edited by Mosaic1; 2007-01-19 at 01:00.

  4. #114
    Member
    Join Date
    Dec 2006
    Posts
    81

    Default

    System is in Greek. Yes, I mean that.

    After Smitfraudfix runs I can go in and change it to anything I like. After restart, I cannot.

  5. #115
    Esteemed Security Expert: Emeritus
    Join Date
    Feb 2006
    Posts
    367

    Default

    That would point to a restriction of some type. But I see nothing in your logs. Regmon shows us what keys are accessed. And it does show that Windows is looking for restrictions which it doesn't find.
    This is baffling. And the logs you sent were logs from when you have the problem?

    I'll have to give this more thought.

  6. #116
    Esteemed Security Expert: Emeritus
    Join Date
    Feb 2006
    Posts
    367

    Default

    We never really did get to the bottom of the regsvr32 themeui.dll problem.


    You have tried several things which have fixed the changing wallpaper problem. Then after reboot it's back. Everything would affect the registry. But Regmon isn't showing us any problems when we monitor. There's only so much Smitfraud does. And removing registry restrictions is the big thing which would affect this problem. But how yours is behaving is strange. With these restrictions in place, the area which shows you the choices would be dimmed and yours is not.


    Can you run smitfraudfix again please? As soon as it has finished running, go to Start > Run

    Type
    regsvr32 /i themeui.dll


    Press enter

    Does it succeed now?

    After a restart, can you try it again?

    regsvr32 /i themeui.dll


    Do you now get an error?

  7. #117
    Member
    Join Date
    Dec 2006
    Posts
    81

    Default

    Thx

    I will try this on Sunday as I am away.

    Kind regards,

    Mills

  8. #118
    Member
    Join Date
    Dec 2006
    Posts
    81

    Default

    Dear Mosaic,

    After running Smitfraud fix I was able to change the wallpaper and successfully register themeui.dll.

    After reboot I am unable to change the wallpaper or theme BUT I can successfully register themeui.dll. I no longer get any errors regarding this.

    Any ideas?

    Thx

    Mills

  9. #119
    Esteemed Security Expert: Emeritus
    Join Date
    Feb 2006
    Posts
    367

    Default

    Hi,

    To tell you the truth, I'm baffled. I have scoured your Regmon and Filemon logs. There is no indication of any restrictions being in place at all. Otherwise I'd say the restrictions have been put back in place. But Regmon shows keys being queried for restrictions with none being found. Filemon shows no access denied on any of the files it accesses either.

    Smitfraud and the fix only do so much.

    At one point you used a script to disable Active Desktop and that worked for a while too.




    Let's have another look at the registry.

    Download Registry Search from this link:

    http://www.xs4all.nl/~fstaal01/downloads/regsearch.zip

    Unzip to a folder on the desktop and then run the exe.

    For the search, enter

    Policies


    Press ok

    This will take a bit to run. When finished, it will create a text file.

    Post the results please.


    Then do the same for Restrictions please.


    Quick question. When you open display properties and click the desktop tab, is the list of files dimmed out instead of being white?


    What does the themes page look like?

  10. #120
    Esteemed Security Expert: Emeritus
    Join Date
    Feb 2006
    Posts
    367

    Default

    You use XP Pro, correct?

    I do too. Although I have nothing showing in my registry regarding any wallpaper policy and can change mine at will, there's something here. A leftover.

    The Policy editor shows a wallpaper policy in effect even though I removed the registry entries I had added earlier.

    Can you find the hidden folder:

    C:\WINDOWS\system32\GroupPolicy


    Inside the Group Policy folder will be these subfolders:
    Machine
    User
    Adm

    Open each one and then look for a file named:
    Registry.pol

    Don't edit them. Please just open in notepad and then see what they say. Or make copies and send them to me.

    Let me know which one is from each folder.

    Mine has a policy or two still listed. No ill effects here but if you have anything in there, I'll have you open gpedit.msc and properly remove it later. Then we'll see if anything changes.

    There are proper ways of doing things in Windows. Sometimes bypassing those can cause problems. It's worth a try.
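
Added example, not part of the original thread: Registry.pol is a binary file (a `PReg` signature and version DWORD followed by UTF-16LE `[key;value;type;size;data]` records), so it is easier to read with a small parser than in Notepad. The function name `parse_registry_pol` and the `SAMPLE` bytes below are constructed for illustration; the sample holds two wallpaper-related policy values and is not data from the poster's machine.

```python
import struct

REG_SZ, REG_DWORD = 1, 4              # registry value types decoded below
u = lambda s: s.encode("utf-16-le")   # Registry.pol text is UTF-16LE

def _expect(blob, pos, ch):           # step past one UTF-16LE delimiter
    if blob[pos:pos + 2] != u(ch):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def _read_str(blob, pos):             # NUL-terminated string, scanned on 2-byte boundaries
    for end in range(pos, len(blob) - 1, 2):
        if blob[end:end + 2] == b"\x00\x00":
            return blob[pos:end].decode("utf-16-le"), end + 2
    raise ValueError("unterminated string")

def _dword(blob, pos):                # little-endian DWORD followed by ';'
    if pos + 4 > len(blob):
        raise ValueError("truncated entry")
    return struct.unpack_from("<I", blob, pos)[0], _expect(blob, pos + 4, ";")

def parse_registry_pol(blob):
    """Return [(key, value_name, type, data), ...] from Registry.pol bytes."""
    if blob[:8] != b"PReg" + struct.pack("<I", 1):
        raise ValueError("missing PReg signature or unsupported version")
    pos, entries = 8, []
    while pos < len(blob):
        key, pos = _read_str(blob, _expect(blob, pos, "["))
        name, pos = _read_str(blob, _expect(blob, pos, ";"))
        rtype, pos = _dword(blob, _expect(blob, pos, ";"))
        size, pos = _dword(blob, pos)
        raw = blob[pos:pos + size]
        pos = _expect(blob, pos + size, "]")   # also fails if data is truncated
        if rtype == REG_DWORD and size == 4:
            raw = struct.unpack("<I", raw)[0]
        elif rtype == REG_SZ:
            raw = raw.decode("utf-16-le").rstrip("\x00")
        entries.append((key, name, rtype, raw))
    return entries

def _entry(key, name, rtype, raw):    # builds one constructed sample record
    return (u("[" + key + "\0;" + name + "\0;") + struct.pack("<I", rtype) + u(";")
            + struct.pack("<I", len(raw)) + u(";") + raw + u("]"))

# Constructed sample, not taken from the thread: two wallpaper-related policies.
POL = "Software\\Microsoft\\Windows\\CurrentVersion\\Policies"
SAMPLE = (b"PReg" + struct.pack("<I", 1)
          + _entry(POL + "\\ActiveDesktop", "NoChangingWallPaper", REG_DWORD, struct.pack("<I", 1))
          + _entry(POL + "\\System", "Wallpaper", REG_SZ, u("C:\\sample.bmp\0")))
```

To inspect a copy of a real file, read it in binary mode and pass the bytes to `parse_registry_pol`; the parser only reads, so the policy file itself is left untouched.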
