Another 'technical help request' thread

[ECSNorway]

Some time ago, my laptop started behaving strangely. I would get errors stating "COM+ Event System has stopped working" but it did not seem to imair the sstem's performance.
Now things are becoming more unpleasant. I have been having difficulty getting it to accept DHCP assignment from the router, and there issome serious DNS wonkiness going on with Firefox and occasionally email as well. It takes a very long time to connect to web servers and download and display pages. My other PCs are not affected at all.
The laptop is running Windows Vista home edition, I can get more details and am  planning on adding a HijackThis list shortly.
--
Sucrose Octanitrate.
Proof positive that with sufficient motivation, you can make anything explode.

[Ankhani]

Quick Google-fu says that the COM+ Event System service is required for the Background Intelligent Transfer Service. BITS is the download manager for Windows Update, so if your COM+ went on the fritz, you might not have been getting OS updates. It may be that the Firefox and Email tie into this as well, but I don't know for sure.

Service Details here.
---

The Master said: "It is all in vain! I have never yet seen a man who can perceive his own faults and bring the charge home against himself."

>Analects: Book V, Chaper XXVI

[ECSNorway]

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:08 PM, on 9/26/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
Crogram Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe
Crogram Files (x86)DAEMON Tools Litedaemon.exe
Crogram Files (x86)Spybot - Search & DestroyTeaTimer.exe
CrogramDataFLEXnetConnect11ISUSPM.exe
Crogram Files (x86)ToshibaConfigFreeNDSTray.exe
Crogram Files (x86)FlashGetflashget.exe
Crogram Files (x86)Common FilesJavaJava Updatejusched.exe
Crogram Files (x86)iTunesiTunesHelper.exe
Crogram Files (x86)ToshibaConfigFreeCFSwMgr.exe
Crogram Files (x86)MUSHclientMUSHclient.exe
Crogram Files (x86)Trend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
F2 - REGystem.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Crogram Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - Crogram Files (x86)FlashGetjccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - CROGRA~2SPYBOT~1SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Crogram Files (x86)Javajre6injp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - Crogram Files (x86)FlashGetgetflash.dll
O4 - HKLM..Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM..Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM..Run: [ToshibaServiceStation] "Crogram Files (x86)TOSHIBATOSHIBA Service StationTSS.exe" /hide
O4 - HKLM..Run: [Camera Assistant Software] "Crogram FilesCamera Assistant Software for Toshiba raybar.exe" /start
O4 - HKLM..Run: [jswtrayutil] "Crogram Files (x86)Jumpstartjswtrayutil.exe"
O4 - HKLM..Run: [Flashget] "Crogram Files (x86)FlashGetflashget.exe" /min
O4 - HKLM..Run: [SunJavaUpdateSched] "Crogram Files (x86)Common FilesJavaJava Updatejusched.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "Crogram Files (x86)AdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [Adobe ARM] "Crogram Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [QuickTime Task] "Crogram Files (x86)QuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "Crogram Files (x86)iTunesiTunesHelper.exe"
O4 - HKLM..Run: [Nuance PDF Reader-reminder] "Crogram Files (x86)NuancePDF ReaderEregEreg.exe" -r "CrogramDataNuancePDF ReaderEregEreg.ini"
O4 - HKCU..Run: [TOSCDSPD] Crogram FilesTOSHIBATOSCDSPDTOSCDSPD.exe
O4 - HKCU..Run: [DAEMON Tools Lite] "Crogram Files (x86)DAEMON Tools Litedaemon.exe" -autorun
O4 - HKCU..Run: [SpybotSD TeaTimer] Crogram Files (x86)Spybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [ISUSPM] CrogramDataFLEXnetConnect11ISUSPM.exe -scheduler
O4 - HKCU..RunOnce: [FlashPlayerUpdate] C:Windowssystem32MacromedFlashNPSWF32_FlashUtil.exe -p
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - Crogram Files (x86)FlashGetjc_all.htm
O8 - Extra context menu item: &Download with FlashGet - Crogram Files (x86)FlashGetjc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://CROGRA~2MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - CROGRA~2MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - CROGRA~2MICROS~2Office12ONBttnIE.dll
O9 - Extra button: @C:WindowsWindowsMobileINetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra 'Tools' menuitem: @C:WindowsWindowsMobileINetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - CROGRA~2MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - Crogram Files (x86)FlashGetFlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - Crogram Files (x86)FlashGetFlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - CROGRA~2SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - CROGRA~2SPYBOT~1SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/po ... der_v6.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:Windowssystem32agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - Crogram Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - Crogram Files (x86)BonjourmDNSResponder.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - Crogram Files (x86)TOSHIBAConfigFreeCFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - Crogram Files (x86)TOSHIBAConfigFreeCFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:Windowssystem32DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - Crogram Files (x86)TOSHIBA GamesTOSHIBA Game ConsoleGameConsoleService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - Crogram Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - Crogram Files (x86)Common FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - Crogram Files (x86)iPodiniPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - Crogram Files (x86)Jumpstartjswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - Crogram FilesCommon FilesLogiShrdBluetoothlbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)
O23 - Service: @%SystemRoot%System32
etlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - Crogram Files (x86)Spybot - Search & DestroySDWinSec.exe
O23 - Service: @%SystemRoot%system32SLsvc.exe,-101 (slsvc) - Unknown owner - C:Windowssystem32SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - Crogram FilesTOSHIBASmartFaceVSmartFaceVWatchSrv.exe
O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)
O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - Crogram Files (x86)TOSHIBATOSHIBA Service StationTMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - Crogram Files (x86)ToshibaTOSHIBA DVD PLAYERTNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:Windowssystem32TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - Crogram FilesTOSHIBAPower SaverTosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - Crogram FilesTOSHIBASMARTLogServiceTosIPCSrv.exe
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - Crogram Files (x86)Common FilesUlead SystemsDVDULCDRSvr.exe
O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - Crogram Files (x86)Windows Media Playerwmpnetwk.exe (file missing)

--
End of file - 11052 bytes

Additional symptom: when I go tothe wireless connection status icon in the system tray, I get an error that says "The service that provides this information has stopped running." or similar.
--
Sucrose Octanitrate.
Proof positive that with sufficient motivation, you can make anything explode.

[Sofaspud]

Well, wherever you see "(file missing)", that's a good hint that you've got a problem.  Also, two of your services strike me as bad ideas, but your machine, your risk.  PopCap and WildTangent have both been known to cause system stability issues, though PopCap has gotten better about that lately.  Both are intrusive, IMO, and have no business on a machine.  Simply put, why do you need a background process running for games that you aren't playing at that moment?
That said, given this log, I'd suspect that something ate your networking subsystem.  Not likely malware, but possibly a botched malware removal or misapplied patch.  You should not have those services references pointing to missing files.
First thing I'd suggest is a full disk scan, which will take some time.  If you have bad sectors where those files used to be on your drive, this will flag them so you can work around them in the future.  After that's checked out, the simplest fix is to reinstall Windows.  But you can try replacing each missing file manually, though that doesn't guarantee success.
Edit to add: by 'disk scan' I mean a scan for disk errors, not a virus or malware scan.  Under My Computer, right-click on your C: drive, choose Properties, then Tools, then Error Checking or Scan for Errors or whatever your flavor of Windows calls it.

--sofaspud
--"Listening to your kid is the audio equivalent of a Salvador Dali painting, Spud." --OpMegs

[ECSNorway]

Windows reinstall is going to be annoying. All I have is the stupid "restore to factory format" partition.
--
Sucrose Octanitrate.
Proof positive that with sufficient motivation, you can make anything explode.

[Sofaspud]

Some of those -- specifically, Toshiba and Dell, maybe others -- will sometimes have a Repair option, which basically does a reinstall of Windows over the top of your existing Windows install, preserving all your apps and data.  (This is the time-honored method by which you fix most Windows errors, as it happens.)
Wouldn't hurt to check, though I'd take a backup of your data and important bits first, just in case your finger slips and hits the Erase Everything button   I've done it, it's no fun.

--sofaspud
--"Listening to your kid is the audio equivalent of a Salvador Dali painting, Spud." --OpMegs

[bmull]

Look for the "missing" files in your C:WindowsSystem32 folder.  If you see them, then it is HJT not having the correct access rights to verify the missing files.
One thing to try:
>>Right click "Computer"

>>Click "Manage"

>>Under the "System Tools" section, Double click "Local Users and Groups"

>>Click "Groups"

>>Right click "Administrators"

>>Click "Add to group..."

>>Click "Add"

>>Click "Advanced"

>>Click "Find Now"

>>Double click "Local Service"

>>Click "Ok"

>>"NT AuthorityLocal Service" should show up in the list now

>>Click "Ok"

>>Close Computer Management and reboot.
>
>Remember, all credit goes to BlueShot @ Microsoft TechNet Forums!

[ECSNorway]

Noted, and thanks. Started a disk check this morning before leaving for work, will check results as soon as I get home.
--
Sucrose Octanitrate.
Proof positive that with sufficient motivation, you can make anything explode.

[Sofaspud]

Oh, nice catch, bmull.  I forgot he was running Vista.  Under XP (unless he's running as a limited user, which 99% of people do not), HijackThis would be by default running in the Administrator context, which has access to system32.  But Vista's limited user accounts... yeah, they probably don't.

--sofaspud
--"Listening to your kid is the audio equivalent of a Salvador Dali painting, Spud." --OpMegs

[paladindythe]

Two notes about reinstall.
1) A Windows Vista or newer (read: 7) re-install will move the entire old installation (minus temp files) to a folder names Windows.old in the new drive.
2) However, I wouldn't count on that until tested. So, your best bet is to copy everything that's not easily reinstallable/downloadable (to include drivers!) onto some sort of external media. (If you're really broke, upload everything except video files (and application installs) to a Windows Live Skydrive--they give out 25 GB for free/account)