Solved

Corrupt dll needs to be replaced

Posted on 2004-09-16
16
965 Views
Last Modified: 2012-06-22
I have a corrupt dll file (advpack.dll) that is causing a lot of problems - primarily I can't install updates.  How do I replace it with the 'advpack.dl_' file in my c:/I386 folder?  Or is there a better solution?
0
Comment
Question by:humeniuk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 7
  • 2
16 Comments
 
LVL 8

Expert Comment

by:sgstuart
ID: 12081317
HI humenluk,
       Follow these steps and you should be good.
1)   Log into the machine with the corrupt .dll with an account that has Admin rights.

2)  Run regsvr32 -u advpack.dll   now rename the file to advpack.old
      If it would not let you unregister the file, you still might be able to rename the file, and do that.

3)   Restart the machine

4)   Run "Expand advpack.dl_ advpack.dll"
     move the new advpack.dll to its proper location

5) Run regsvr32 advpack.dll

6)  You may need to restart the machine one more time, but you should not need to.

Now try it again.

Thanks,
Steven Stuart
0
 
LVL 2

Assisted Solution

by:andyswarbs
andyswarbs earned 50 total points
ID: 12084593
You may run into Windows file protection issues with the above process.  Although you replace the file, on reboot the original (bad file) is put back in place. Also are you sure this is the bad file?  perhaps there are others.

the pukkah way to solve this is to click start_> run and enter "sfc /scannow".  This should run through your entire set of MS dlls and fix any that are wrong.  It knows about your service pack updates as well. It may ask your for your win2k cd.


Andy
0
 
LVL 33

Author Comment

by:humeniuk
ID: 12085136
Thanks for the prompt response.

sgstuart,

When I follow step 2, I get the following error message:
"advpack.dll was loaded, but the DllUnregisterServer entery point was not found.
DllUnregisterServer may not be exported, or a corrupt version of advpack.dll may be in memory.  Consider using PView to detect and remove it."

If I rename the file (I used advpack.bak), the .dll file is replaced within seconds, not even after reboot as andy suggested.  I tried step 4 anyway, but with no success.


andywarbs,

I ran 'sfc /scannow' and the problem wasn't resolved.


Here's why I think that file is corrupt:

When I try to update Windows, I get the following error message -
"Error creating process <C:\ . . . etc . . . > Reason: INNT\system32\advpack.dll
I can't see the rest of the error message because thanks to the wonders of MS, it runs of the side of the dialog box into oblivion.

I have researched this problem on E-E and on the web via Google and it is generally referred to as being caused by a corrupt advpack.dll file.  Additional suggestions I've tried include running a repair install, but nothing has worked, I still can't install updates.  Similarly, Windows Media Player has vanished from my system and can't be reinstalled.  I've checked repeatedly for viruses and other types of malware (spybot, AdAware, HijackThis, etc.), but come up clean every time.

The only solution I've seen for this is the one I'm trying to avoid - a clean reinstall.
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 8

Expert Comment

by:sgstuart
ID: 12085839
HI humeniuk,
      I should have realized that it would not work and that it was going to be harder, I forgot that it gets recreated in mere seconds, because it is Windows 2000.

       Microsoft actually has a tool that you can use called "inuse.exe" that will allow you to replace in-use dll's on the fly.   I have used it many times in the past, on servers.  It is very simple to use.
     Download it from Microsoft at  http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/inuse-o.asp
 by going to this link, and clicking on the inuse.exe download icon in the upper right.


    After you have the inuse.exe on the machine in question.  
1) Have an uncorrupted version of the advpack.dll placed somewhere, on or off the server, on is easier.
2) open a command prompt to the directory that has the inuse.exe
3) at the prompt type 'inuse.exe c:\directory\advpack.dll c:\winnt\system32\advpack.dll /y'
4) the /y makes it promptless, if you want to be prompted to hit Y or N  then leave that off.,  the c:\directory\advpack.dll is the path to the uncorrupted version,   the c:\winnt\system32\advpack.dll is the path to where the in-use dll is located.

This should do the trick, let me know if you have more questions.

Thanks,
Steven Stuart
0
 
LVL 8

Expert Comment

by:sgstuart
ID: 12085857
Hi Humeniuk,
    I should have said,  5) restart at the end of that.   It will tell you that the Changes do not take affect until you reboot though.

Thanks,
Steven Stuart
0
 
LVL 33

Author Comment

by:humeniuk
ID: 12087165
Thanks for the tip, Steven.  I gave it a try and got the following message:

"c:\winnt\system32\advpack.dll is protected by WFP"

Is there a way to turn of WFP or can I circumvent it by attempting this in safe mode (or something like that)?
0
 
LVL 8

Accepted Solution

by:
sgstuart earned 250 total points
ID: 12087371
Hi humeniuk,
     I am seeing if that happens to disable WFP  by changing a registry setting.  
  The registry is at
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

These are the Registry Values that are relevant to play with
Registry Values

SFCDisable (REG_DWORD)
0 = enabled (default)
1 = disabled, prompt at boot to re-enable
2 = disabled at next boot only, no prompt to re-enable
4 = enabled, with popups disabled

NOTE: For options 1 and 2: Both of these options require a kernel debugger to be hooked up for those options to become useable. If a kernel debugger is not hooked up, Windows File Protection is not disabled.
SFCScan (REG_DWORD)
0 = do not scan protected files at boot (default)
1 = scan protected files at every boot
2 = scan protected files once

Because it states that you may need to have a kernel debugger hooked up it may not work.  However, this is the easiest suggestion.

      Another suggestion that I have seen is  to try slaving it in another machine and overwriting it that way, but you would need a spare computer.

Thanks,
Steven Stuart
0
 
LVL 8

Expert Comment

by:sgstuart
ID: 12087558
Hi Humeniuk,
     I found this article which my add some additional tips to disabling WFP.

http://www.roger.id.au/tweaks/visual/fileprotection.php


Thanks,
Steven Stuart
0
 
LVL 2

Expert Comment

by:andyswarbs
ID: 12111306
I have beaten WFP by copying the file to the clipboard and have a couple of explorer dlg boxes open on sys32 and sys32\dllcache.  Then as the system gets close to shutting down paste, paste, paste repeatedly. At some point WFP gives up and bang your last paste kicks in.  

Also WFP sometimes restore from where service pack files are stored (in case both sys32 and dllcache are corrupt, I guess) - so if you overwrite that advpack it might be an easy fix.  Actually the more I think about it simply overrite the servicepack file and lets WFP "correct" the situation for you.  I would certainly like to know if this works - since it implies that WFP can be usurped and it can be turned against itself.

Sounds interesting huh? I am dying to know if you have luck with this.
0
 
LVL 33

Author Comment

by:humeniuk
ID: 12114404
andyswarbs,
I tried your methods first (potentially simple solution), but to no avail.  I replaced all instances of advpack.dll and advpack.dl_ with known good versions, etc., but the problem persists.


sgstuart,
I reviewed the link you provided and downloaded the recommended hex editor, but I was lost when I opened the sfc.dll file to edit it.  Can you give any directions as to how to find/edit the entry I am supposed to fix according to the info in that link?  (ie. " SFC.DLL from Win2000 SP2: go to physical offset 00006211 (6211h) and change the 8BC6 bytes to read 9090.")
0
 
LVL 33

Author Comment

by:humeniuk
ID: 12114559
FYI - I also tried disabling through the registry entry as outlined, but still got the "c:\winnt\system32\advpack.dll is protected by WFP" message.
0
 
LVL 8

Expert Comment

by:sgstuart
ID: 12117909
Hi Humeniuk,
      Try following this website instead, I think it is easier to follow there is no hex editing, which the one I previously gave you  (which happens to only be valid for W2k SP2)  I have SP4 and it is not a valid address.    If one does not know how to use it,  I would not.

    So try the following instead, move down to the how to disable WFP part.

http://www.griffin-digital.com/wfp.htm

The main thing, which the other one showed as well, but could have been over looked. is change that registry key to ffffff9d,   see if it works first without a reboot, if it does great, if not,  reboot again and try again.   Make sure after the reboot, that the registry still has that change.

    I hope this works for you this time.

Thanks,
Steven Stuart
0
 
LVL 33

Author Comment

by:humeniuk
ID: 12118286
That explains it to some degree.  I also have SP4.  I tried the registry change, but didn't check it after rebooting.  I'll review the link and then try again.

Thanks for sticking with this.
0
 
LVL 33

Author Comment

by:humeniuk
ID: 12118444
The registry change has been made and is holding, but it still says the file is protected by WFP.  I noticed in the process of checking everything that I have no dllcache, though.  Any thoughts?
0
 
LVL 8

Expert Comment

by:sgstuart
ID: 12119663
hi humeiuk,
      I am running out of suggestions.   The only other thing I can think of.   Is try to run from another boot partition.   Another Hard Drive or another disk.  A harder way would be the slave computer, but I do not know enough to give you directions going that route.

     If you can get a boot CD or DVD with enough of the operating System on it, so that you can see your current System folder, then you would be able to get to it as those files would not be protected anymore, as they would not be the boot partition.  At that point you could just move the file in and rename the old one or what ever you wish.    This will fix the file if it is truly corrupted, but if it is something else, it probably will not.   Make sure to use a file that you know is good.

Thanks,
Steven Stuart
0
 
LVL 33

Author Comment

by:humeniuk
ID: 12124197
I'd thought about that - using another computer, but at this point, based on the fact that I can't even be completely sure that the problem is that the file is corrupt, I would prefer to just go the re-install route.  This is what I was trying to avoid in the first place, but I've already spent as much time trying to avoid it as I would have accepting it  :-)

Thank you for your persistence and good advice.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question