Another 'technical help request' thread - Printable Version +- Drunkard's Walk Forums (http://www.accessdenied-rms.net/forums) +-- Forum: General (http://www.accessdenied-rms.net/forums/forumdisplay.php?fid=1) +--- Forum: General Chatter (http://www.accessdenied-rms.net/forums/forumdisplay.php?fid=2) +--- Thread: Another 'technical help request' thread (/showthread.php?tid=10693)

Another 'technical help request' thread - ECSNorway - 09-26-2010 Some time ago, my laptop started behaving strangely. I would get errors stating "COM+ Event System has stopped working" but it did not seem to imair the sstem's performance. Now things are becoming more unpleasant. I have been having difficulty getting it to accept DHCP assignment from the router, and there issome serious DNS wonkiness going on with Firefox and occasionally email as well. It takes a very long time to connect to web servers and download and display pages. My other PCs are not affected at all. The laptop is running Windows Vista home edition, I can get more details and am  planning on adding a HijackThis list shortly. -- Sucrose Octanitrate. Proof positive that with sufficient motivation, you can make anything explode. - Ankhani - 09-26-2010 Quick Google-fu says that the COM+ Event System service is required for the Background Intelligent Transfer Service. BITS is the download manager for Windows Update, so if your COM+ went on the fritz, you might not have been getting OS updates. It may be that the Firefox and Email tie into this as well, but I don't know for sure. Service Details here. --- The Master said: "It is all in vain! I have never yet seen a man who can perceive his own faults and bring the charge home against himself." >Analects: Book V, Chaper XXVI - ECSNorway - 09-26-2010 HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:52:08 PM, on 9/26/2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18226) Boot mode: Normal Running processes: Crogram Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe Crogram Files (x86)DAEMON Tools Litedaemon.exe Crogram Files (x86)Spybot - Search & DestroyTeaTimer.exe CrogramDataFLEXnetConnect11ISUSPM.exe Crogram Files (x86)ToshibaConfigFreeNDSTray.exe Crogram Files (x86)FlashGetflashget.exe Crogram Files (x86)Common FilesJavaJava Updatejusched.exe Crogram Files (x86)iTunesiTunesHelper.exe Crogram Files (x86)ToshibaConfigFreeCFSwMgr.exe Crogram Files (x86)MUSHclientMUSHclient.exe Crogram Files (x86)Trend MicroHijackThisHijackThis.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.toshibadirect.com/dpdstart R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.toshibadirect.com/dpdstart R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.toshibadirect.com/dpdstart R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = F2 - REGystem.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Crogram Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - Crogram Files (x86)FlashGetjccatch.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - CROGRA~2SPYBOT~1SDHelper.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Crogram Files (x86)Javajre6injp2ssv.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - Crogram Files (x86)FlashGetgetflash.dll O4 - HKLM..Run: [NDSTray.exe] NDSTray.exe O4 - HKLM..Run: [cfFncEnabler.exe] cfFncEnabler.exe O4 - HKLM..Run: [ToshibaServiceStation] "Crogram Files (x86)TOSHIBATOSHIBA Service StationTSS.exe" /hide O4 - HKLM..Run: [Camera Assistant Software] "Crogram FilesCamera Assistant Software for Toshiba raybar.exe" /start O4 - HKLM..Run: [jswtrayutil] "Crogram Files (x86)Jumpstartjswtrayutil.exe" O4 - HKLM..Run: [Flashget] "Crogram Files (x86)FlashGetflashget.exe" /min O4 - HKLM..Run: [SunJavaUpdateSched] "Crogram Files (x86)Common FilesJavaJava Updatejusched.exe" O4 - HKLM..Run: [Adobe Reader Speed Launcher] "Crogram Files (x86)AdobeReader 8.0ReaderReader_sl.exe" O4 - HKLM..Run: [Adobe ARM] "Crogram Files (x86)Common FilesAdobeARM1.0AdobeARM.exe" O4 - HKLM..Run: [QuickTime Task] "Crogram Files (x86)QuickTimeQTTask.exe" -atboottime O4 - HKLM..Run: [iTunesHelper] "Crogram Files (x86)iTunesiTunesHelper.exe" O4 - HKLM..Run: [Nuance PDF Reader-reminder] "Crogram Files (x86)NuancePDF ReaderEregEreg.exe" -r "CrogramDataNuancePDF ReaderEregEreg.ini" O4 - HKCU..Run: [TOSCDSPD] Crogram FilesTOSHIBATOSCDSPDTOSCDSPD.exe O4 - HKCU..Run: [DAEMON Tools Lite] "Crogram Files (x86)DAEMON Tools Litedaemon.exe" -autorun O4 - HKCU..Run: [SpybotSD TeaTimer] Crogram Files (x86)Spybot - Search & DestroyTeaTimer.exe O4 - HKCU..Run: [ISUSPM] CrogramDataFLEXnetConnect11ISUSPM.exe -scheduler O4 - HKCU..RunOnce: [FlashPlayerUpdate] C:Windowssystem32MacromedFlashNPSWF32_FlashUtil.exe -p O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: &Download All with FlashGet - Crogram Files (x86)FlashGetjc_all.htm O8 - Extra context menu item: &Download with FlashGet - Crogram Files (x86)FlashGetjc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://CROGRA~2MICROS~2Office12EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - CROGRA~2MICROS~2Office12ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - CROGRA~2MICROS~2Office12ONBttnIE.dll O9 - Extra button: @C:WindowsWindowsMobileINetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll O9 - Extra 'Tools' menuitem: @C:WindowsWindowsMobileINetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - CROGRA~2MICROS~2Office12REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - Crogram Files (x86)FlashGetFlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - Crogram Files (x86)FlashGetFlashGet.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - CROGRA~2SPYBOT~1SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - CROGRA~2SPYBOT~1SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/po ... der_v6.cab O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:Windowssystem32agr64svc.exe (file missing) O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - Crogram Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - Crogram Files (x86)BonjourmDNSResponder.exe O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - Crogram Files (x86)TOSHIBAConfigFreeCFProcSRVC.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - Crogram Files (x86)TOSHIBAConfigFreeCFSvcs.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:Windowssystem32DFSR.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - Crogram Files (x86)TOSHIBA GamesTOSHIBA Game ConsoleGameConsoleService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - Crogram Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - Crogram Files (x86)Common FilesInstallShieldDriver1150Intel 32IDriverT.exe O23 - Service: iPod Service - Apple Inc. - Crogram Files (x86)iPodiniPodService.exe O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - Crogram Files (x86)Jumpstartjswpsapi.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - Crogram FilesCommon FilesLogiShrdBluetoothlbtserv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing) O23 - Service: @%SystemRoot%System32 etlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing) O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - Crogram Files (x86)Spybot - Search & DestroySDWinSec.exe O23 - Service: @%SystemRoot%system32SLsvc.exe,-101 (slsvc) - Unknown owner - C:Windowssystem32SLsvc.exe (file missing) O23 - Service: SmartFaceVWatchSrv - Toshiba - Crogram FilesTOSHIBASmartFaceVSmartFaceVWatchSrv.exe O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing) O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing) O23 - Service: TMachInfo - TOSHIBA Corporation - Crogram Files (x86)TOSHIBATOSHIBA Service StationTMachInfo.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - Crogram Files (x86)ToshibaTOSHIBA DVD PLAYERTNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:Windowssystem32TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - Crogram FilesTOSHIBAPower SaverTosCoSrv.exe O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - Crogram FilesTOSHIBASMARTLogServiceTosIPCSrv.exe O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing) O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - Crogram Files (x86)Common FilesUlead SystemsDVDULCDRSvr.exe O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing) O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing) O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - Crogram Files (x86)Windows Media Playerwmpnetwk.exe (file missing) -- End of file - 11052 bytes Additional symptom: when I go tothe wireless connection status icon in the system tray, I get an error that says "The service that provides this information has stopped running." or similar. -- Sucrose Octanitrate. Proof positive that with sufficient motivation, you can make anything explode. - Sofaspud - 09-27-2010 Well, wherever you see "(file missing)", that's a good hint that you've got a problem.  Also, two of your services strike me as bad ideas, but your machine, your risk.  PopCap and WildTangent have both been known to cause system stability issues, though PopCap has gotten better about that lately.  Both are intrusive, IMO, and have no business on a machine.  Simply put, why do you need a background process running for games that you aren't playing at that moment? That said, given this log, I'd suspect that something ate your networking subsystem.  Not likely malware, but possibly a botched malware removal or misapplied patch.  You should not have those services references pointing to missing files. First thing I'd suggest is a full disk scan, which will take some time.  If you have bad sectors where those files used to be on your drive, this will flag them so you can work around them in the future.  After that's checked out, the simplest fix is to reinstall Windows.  But you can try replacing each missing file manually, though that doesn't guarantee success. Edit to add: by 'disk scan' I mean a scan for disk errors, not a virus or malware scan.  Under My Computer, right-click on your C: drive, choose Properties, then Tools, then Error Checking or Scan for Errors or whatever your flavor of Windows calls it. --sofaspud --"Listening to your kid is the audio equivalent of a Salvador Dali painting, Spud." --OpMegs - ECSNorway - 09-27-2010 Windows reinstall is going to be annoying. All I have is the stupid "restore to factory format" partition. -- Sucrose Octanitrate. Proof positive that with sufficient motivation, you can make anything explode. - Sofaspud - 09-27-2010 Some of those -- specifically, Toshiba and Dell, maybe others -- will sometimes have a Repair option, which basically does a reinstall of Windows over the top of your existing Windows install, preserving all your apps and data.  (This is the time-honored method by which you fix most Windows errors, as it happens.) Wouldn't hurt to check, though I'd take a backup of your data and important bits first, just in case your finger slips and hits the Erase Everything button   I've done it, it's no fun. --sofaspud --"Listening to your kid is the audio equivalent of a Salvador Dali painting, Spud." --OpMegs - bmull - 09-27-2010 Look for the "missing" files in your C:WindowsSystem32 folder.  If you see them, then it is HJT not having the correct access rights to verify the missing files. One thing to try: >>Right click "Computer" >>Click "Manage" >>Under the "System Tools" section, Double click "Local Users and Groups" >>Click "Groups" >>Right click "Administrators" >>Click "Add to group..." >>Click "Add" >>Click "Advanced" >>Click "Find Now" >>Double click "Local Service" >>Click "Ok" >>"NT AuthorityLocal Service" should show up in the list now >>Click "Ok" >>Close Computer Management and reboot. > >Remember, all credit goes to BlueShot @ Microsoft TechNet Forums! - ECSNorway - 09-27-2010 Noted, and thanks. Started a disk check this morning before leaving for work, will check results as soon as I get home. -- Sucrose Octanitrate. Proof positive that with sufficient motivation, you can make anything explode. - Sofaspud - 09-27-2010 Oh, nice catch, bmull.  I forgot he was running Vista.  Under XP (unless he's running as a limited user, which 99% of people do not), HijackThis would be by default running in the Administrator context, which has access to system32.  But Vista's limited user accounts... yeah, they probably don't. --sofaspud --"Listening to your kid is the audio equivalent of a Salvador Dali painting, Spud." --OpMegs - paladindythe - 09-28-2010 Two notes about reinstall. 1) A Windows Vista or newer (read: 7) re-install will move the entire old installation (minus temp files) to a folder names Windows.old in the new drive. 2) However, I wouldn't count on that until tested. So, your best bet is to copy everything that's not easily reinstallable/downloadable (to include drivers!) onto some sort of external media. (If you're really broke, upload everything except video files (and application installs) to a Windows Live Skydrive--they give out 25 GB for free/account)