MSFN Forum: malware caused by Bearshare - MSFN Forum


malware caused by Bearshare
How to remove malware caused by Bearshare

#1 User is offline   davidkayla 

  • Group: Members
  • Posts: 6
  • Joined: 16-March 11
  • OS:XP Home

Posted 16 March 2011 - 06:26 AM

Hi, I wonder if you are able to help please?
I mistakenly downloaded Bearshare. Subsequently I was getting a Bearshare Search page in Chrome and IE and error messages when I opened certain apps. I decided to remove Bearshare by the Add / Remove program option.

As you would probably expect, things haven't quite returned to normal. My system restore option was cleared BEFORE the date of Bearshare installation. System Restore now appears to be capturing system restore points as per normal now.

When I click on one of my favourite programs: Voipbuster I get the error: The procedure entry point isthreaddesktopcomposited could not be located in the dynamic link library USER32.dll.

I downloaded Dependency Walker and the following calls are made early on in the profile. It also says that these paths/programs do not exist:
c:\progra~1\bearsh~1\mediabar\datamngr\DATAMNGR.DLL
c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.DLL

Is someone please able to tell me where I go from here? Am I able to surgically remove those calls? I have tried reinstalling Voipbuster but that makes no difference. If someone could let me know (simply) why reinstallation of voipbuster does not make any difference that would be appreciated.

I have included the dependency walker process tree as an attachment. No I haven't, it said I wasn't allowed!!
Regards,
David.


#2 User is offline   Tripredacus 

  • K-Mart-ian Legend
  • Group: Super Moderator
  • Posts: 8,665
  • Joined: 28-April 06
  • OS:Server 2012

Posted 16 March 2011 - 09:25 AM

Certain file types are not allowed to be uploaded to the forum. You can either put it in a ZIP file or you can upload it to another place like SkyDrive on Windows Live.

#3 User is online   jaclaz 

  • The Finder
  • Group: Developers
  • Posts: 11,409
  • Joined: 23-July 04
  • OS:none specified

Posted 16 March 2011 - 09:49 AM

More generally it is possible that the program replaced your USER32.DLL with an older version.
Check the version of the USER32.DLL you can find in your \<windows>\System32\ directory, for XP typically it should be 5.1.2600.2180 or later.

jaclaz

#4 User is offline   davidkayla 

  • Group: Members
  • Posts: 6
  • Joined: 16-March 11
  • OS:XP Home

Posted 17 March 2011 - 07:24 PM

That's the strange thing. I did download another version of user32.dll and it made no difference! How does one tell which module is making those Bearshare calls? Is it the one immediately above the calls?

#5 User is offline   davidkayla 

  • Group: Members
  • Posts: 6
  • Joined: 16-March 11
  • OS:XP Home

Posted 18 March 2011 - 06:27 AM

Here is the zip file containing an image of the module tree from dependency walker. The .dwi file was too big but I can try some other way of sending it if someone thinks they could use it.


#6 User is online   jaclaz 

  • The Finder
  • Group: Developers
  • Posts: 11,409
  • Joined: 23-July 04
  • OS:none specified

Posted 18 March 2011 - 06:29 AM

davidkayla, on 17 March 2011 - 07:24 PM, said:

> That's the strange thing. I did download another version of user32.dll and it made no difference! How does one tell which module is making those Bearshare calls? Is it the one immediately above the calls?

And are you going to post WHICH exact version you are now using or is this info considered confidential? :rolleyes:

You did actually re-register the "new" .dll, didn't you? :unsure:

http://www.ehow.com/...user32_dll.html

jaclaz

#7 User is offline   davidkayla 

  • Group: Members
  • Posts: 6
  • Joined: 16-March 11
  • OS:XP Home

Posted 18 March 2011 - 07:33 AM

The version of user32.dll that I am now using is: 5.1.2600.2180
No I have not re-registered that module. I will have a look at that asap and let you know the outcome.

#8 User is offline   davidkayla 

  • Group: Members
  • Posts: 6
  • Joined: 16-March 11
  • OS:XP Home

Posted 19 March 2011 - 09:00 PM

There has been a development. I reran SFC with the original XP system disk and I don't get the User32.dll error any more when I start Voipbuster (The procedure entry point isthreaddesktopcomposited could not be located ...). The strange thing is that I did run this before but it did not previously solve the problem.

When I now run Voipbuster in dependency walker I can see that it is still trying to make those calls to bearshare modules (Remember that I have re-installed Voipbuster). Where are those calls being made from, system modules (that should have been replaced by SFC) or Voipbuster (that has been reinstalled)?

Voipbuster may now be running ok but those calls still annoy me.

#9 User is online   jaclaz 

  • The Finder
  • Group: Developers
  • Posts: 11,409
  • Joined: 23-July 04
  • OS:none specified

Posted 20 March 2011 - 04:44 AM

Most probably there are some leftovers in the Registry.

These can be traced back by doing some searches in the Registry, but probably working as well and easier would be to do a couple iterations of Registry cleaning with RegSeeker:
http://www.hoverdesk.net/freeware.htm

In my experience, simply deleting everything it finds "non kosher" never created a problem, but you may want to review the items it lists before actually backing them up and deleting them.

jaclaz
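
One way to do the Registry search suggested above, as an added example that is not part of any post in this thread: it scans a regedit export (File > Export, "Version 5.00" format) for the path fragments quoted in post #1, decoding hex(2)/hex(7) values that a plain text search of the export would miss. The function names and the sample export are constructed; the AppInit_DLLs and ExampleVendor entries are assumed locations for such leftovers, not values taken from the poster's machine.

```python
import re

# Path fragments taken from the two DLL paths quoted in post #1.
NEEDLES = ("bearsh~1", "bearshare", "datamngr")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def decode_value(raw):
    """Return readable text for a .reg value; hex(2)/hex(7) hold UTF-16LE bytes."""
    m = re.match(r"hex\([27]\):(.*)", raw)
    if m:
        data = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", m.group(1)))
        return data.decode("utf-16-le", "replace").replace("\x00", " ").strip()
    if raw.startswith('"') and raw.endswith('"'):  # REG_SZ with \\ and \" escapes
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return raw  # dword:, hex: and other types are left as written

def find_leftovers(reg_text, needles=NEEDLES):
    """Return (key, value_name, data) for each key or value that names a needle."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join "\"-continued hex lines
    key, hits = None, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if any(n in key.lower() for n in needles):
                hits.append((key, None, None))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            data = decode_value(m.group(2))
            if any(n in data.lower() for n in needles):
                hits.append((key, m.group(1).strip('"'), data))
    return hits

def _hex2(s):  # build a REG_EXPAND_SZ value the way regedit writes it
    h = ",".join(f"{b:02x}" for b in (s + "\0").encode("utf-16-le"))
    return "hex(2):" + h[:60] + "\\\n  " + h[60:]

# Constructed sample export. DLLs listed in AppInit_DLLs are loaded into every
# process that loads USER32.dll, so such a leftover survives an app reinstall.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]",
    r'"AppInit_DLLs"="c:\\progra~1\\bearsh~1\\mediabar\\datamngr\\datamngr.dll"', "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Loader]",
    '"Module"=' + _hex2(r"c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.DLL"),
    '"Enabled"=dword:00000001',
])
```

For a real export, read the file with `open(path, encoding="utf-16").read()` and pass the text to `find_leftovers`; review each hit before deleting anything.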

#10 User is offline   davidkayla 

  • Group: Members
  • Posts: 6
  • Joined: 16-March 11
  • OS:XP Home

Posted 20 March 2011 - 06:16 PM

Thanks for that Jaclaz,
Before I read your email I downloaded Hijack This and did a search of the registry and found and deleted a few bearshare entries. This appears to have worked well. It has been a learning curve for me and I still don't understand how the registry works. Are there any tools to lock down the registry so that rogue apps can't change it?
Thanks. David.



All trademarks mentioned on this page are the property of their respective owners
Copyright © 2001 - 2013 msfn.org