
Multiple function failure here, too! Reinstall XP? 6

Status
Not open for further replies.

dory20

Technical User
Feb 23, 2009
7
CA
I have fairly recently found Tek-Tips site and am hoping that someone can help. I have been trying to sleuth these problems for just over a week:

After a reboot, browser only connects for about 90 seconds, then loses connection (both IE & Firefox). I am using another computer for this message to the forum & to d/l repair apps.

Outlook Express connects & downloads new e-mail without problems. E-mails open OK. Can't reply or forward (gives message: There was an error opening this message There is not enough memory). I increased virtual memory to just over twice 760 RAM - no difference.

Have lost "click & drag" function.

Cut, copy & paste don't work properly. Can Cut (Ctrl X) from a Word doc but when I try to Paste (Ctrl V), I get the message: There is not enough memory or disk space to complete the operations.

AVG (free) found no infection. AVG Updates fail - likely due to problem accessing internet. Was able to update once two days ago during brief '90 second' opportunity.

Max Secure Spyware Detector found:

Trojan.Agent in files & reg keys
downloader.small
Trojan.fraudpack
downloader.autoit

All were quarantined.

RegCure seems to work but doesn't restore lost functions. RegCure cannot set System Restore (... System Restore is turned off. To turn it on ... etc)

System Restore doesn't seem to work - "System Restore is unable to protect your computer. Please restart ... etc" Check box is clean. "Monitoring" C drive.

Zone Alarm has disappeared and won't reload.

Lost Task Bar & had to create new one to access Start menu.

Minimized windows don't incorporate into task bar but rather 'sit on top of it'

Add/Restore Programs doesn't work for some installed programs "The Windows Installer server could not be accessed. This can occur ... if in Safe Mode, or Windows Installer is not correctly installed"

Ran HJT & can post log if useful.

Ran ipconfig/flushdns Got message: Could not flush the DNS Resolver Cache Function failed during execution.

MBAM failed with message: Runtime error 372 Failed to load control 'vbalgrid' from vbalsgrid6.ocx Your version ... may be out of date. Maybe because I was trying to run it from Flash memory stick?

Ran 'netsh winsock show catalog' before & after 'netsh winsock reset' Some differences apparent but I don't know what to make of them.

Ran CHKDSK and machine restarted OK with no problems.

Installed & ran Ccleaner. Seemed to function OK but no improvement.

Ran WinsockFix, as recommended - didn't restore internet functionality.

Seems to be memory problem(s). Reinstall or repair XP?

Any help much appreciated - I couldn't find these (lengthy) symptoms on Tek Tips forum but for some similarity to recent "Loss of function" post. Previously posted to Tech Guy forum but received no response after many days.

Thanks!


 
hi,
try to reinstall TCP/IP Protocol (in a network device)
(probably you need XP CD) and if, after you can, make a windows update. (or before, if you have not already done)
bye
victor
 
Thank you victor - I ran:

netsh int ip reset resetlog.txt and got this message:

WARNING: Could not obtain host information from machine [the name of my computer]. Some commands may not be available. The RPC server is unavailable.

I am logged on to my home computer with Administrator privileges. I didn't log on as Admin because I forget the password. I do have my XP Pro CD.
 
Very interesting - I just received a system for 'repair' with almost these exact symptoms. I was about to backup the data and reload the system, but now I'm interested in trying to figure it out.

In addition to what you've posted, System File Checker runs fine, but doesn't help. And many services that are not started (like RPC as you've noticed) report 'system can not find the file specified' when trying to manually start them. System paths seem to be OK.

Maybe, I'll mess around with this a little while longer.
 
To rule out virus or malware as a reason, see if you can rename any of the .exe files that are not running, such as MBAM. The reason I suggest that is that some vicious malware will stop Microsoft programs, and third-party security programs, from loading based on just the name of the particular security program. That applies equally to Setup.exe etc.

Is the Internet working from "Safe Mode with Networking"?
What are the rest of your problems like from Safe Mode?

It wouldn't hurt to post your HijackThis log.

Alternatively you can back up all your valuable data, reformat the hard drive and reinstall Windows. You could even put the hard drive in another machine and attack it from there as far as scanning it is concerned.
 
My vote would be backup & do a clean install. I'd lay odds you have one of the malwares like vundo or antiviruspro - I've seen similar symptoms many times now - and once so many functions are broken, starting again is the only viable course of action (it's just too time consuming to work out how to repair everything, even when all nasties have been eradicated).

If it is not malware, it is almost certainly a hardware issue - which would become apparent during a clean install (there would be problems with the install).
 
Thanks victor, smah and linney!

No good news yet.

MBAM still won't install properly because of Runtime error 372, as above.

Max Secure Spyware Destroyer ran overnight, as scheduled, and found:

Downloader.Banload (c:\windows\system32\drivers\yfra.sys)

Previous several scans had come up clean.

In Safe Mode I can only connect to the internet for about 90 seconds - the same as regular mode.

In Safe Mode the problems are the same as in regular mode.

Here is HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:32 AM, on 2/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\SpywareDetector\SDMainService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SpywareDetector\SDService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\SpywareDetector\SDActiveMonitor.exe
C:\Program Files\TeoSoft.com\trayagent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = microsoft internet explorer provided by shaw high speed internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {0C081808-15C0-4104-80D9-D4D122F05DD3} - (no file)
O2 - BHO: (no name) - {138F0344-4E6C-4F64-9E40-E66DF50E7F6B} - (no file)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: {5745e870-7a71-6a7a-3194-6ccab00b8fa4} - {4af8b00b-acc6-4913-a7a6-17a7078e5475} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {877FB8C9-2EF3-4B96-B2B1-7CE2CB857FD0} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Clean Space 10 trayagent] C:\Program Files\TeoSoft.com\trayagent.exe
O4 - HKCU\..\Run: [TeoSoft.com Online Update] C:\Program Files\TeoSoft.com\update.exe wait4connect
O4 - HKUS\S-1-5-21-1137815281-2507857554-3482789285-1004\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User '?')
O4 - HKUS\S-1-5-21-1137815281-2507857554-3482789285-1004\..\Run: [Clean Space 10 trayagent] C:\Program Files\TeoSoft.com\trayagent.exe (User '?')
O4 - HKUS\S-1-5-21-1137815281-2507857554-3482789285-1004\..\Run: [TeoSoft.com Registration reminder] (User '?')
O4 - HKUS\S-1-5-21-1137815281-2507857554-3482789285-1004\..\Run: [TeoSoft.com Online Update] C:\Program Files\TeoSoft.com\update.exe wait4connect (User '?')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {E2E2DD38-D088-4134-82B7-F2BA38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {E2E2DD38-D088-4134-82B7-F2BA38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) -
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {D4328549-2B43-40D5-BBF8-77D6EEA60412} (StorefrontUpload.BulkImageUpload1) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SDMainSvc - Max Secure Software - C:\Program Files\SpywareDetector\SDMainService.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe

--
End of file - 7311 bytes

Thank you!
 
The Following need to be fixed:

O2 - BHO: (no name) - {0C081808-15C0-4104-80D9-D4D122F05DD3} - (no file)
O2 - BHO: (no name) - {138F0344-4E6C-4F64-9E40-E66DF50E7F6B} - (no file)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: {5745e870-7a71-6a7a-3194-6ccab00b8fa4} - {4af8b00b-acc6-4913-a7a6-17a7078e5475} - (no file)
O2 - BHO: (no name) - {877FB8C9-2EF3-4B96-B2B1-7CE2CB857FD0} - (no file)

definitely needs to be fixed:

O4 - HKCU\..\Run: [TeoSoft.com Online Update] C:\Program Files\TeoSoft.com\update.exe wait4connect
O4 - HKUS\S-1-5-21-1137815281-2507857554-3482789285-1004\..\Run: [TeoSoft.com Online Update] C:\Program Files\TeoSoft.com\update.exe wait4connect (User '?')

even if this is not a TROJAN, it does not hurt to remove them...

Software that needs updating:

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

Java RE is at version 1.6.0_12, anything below that is a security risk!

about the RUNTIME error, it can be related to the malware infestation, or simply that your VB6.0 Runtime files are corrupted...

I would start with this:

Download a fresh copy of MBAM and rename the executable to "TEST.EXE", then reboot into SAFEMODE with NETWORKING, then execute (install) TEST.EXE and update it... RUN a quick scan and then a FULL scan... if you still get the RUNTIME error, then do the following (all two points)...

1. install a fresh copy of the Visual Basic Runtime Files:

VBRun60.exe installs Visual Basic 6.0 run-time files

2. copy mbam.sys and mbamswissarmy.sys to the following windows folder C:\Windows\System32\Drivers

report back with any probs...

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."

How to ask a question, when posting them to a professional forum.
 
There is some evidence that anything to do with TeoSoft is malware and you might want to remove it from your machine?

C:\Program Files\TeoSoft.com\trayagent.exe
O4 - HKCU\..\Run: [TeoSoft.com Online Update] C:\Program Files\TeoSoft.com\update.exe wait4connect
O4 - HKUS\S-1-5-21-1137815281-2507857554-3482789285-1004\..\Run: [TeoSoft.com Online Update] C:\Program Files\TeoSoft.com\update.exe wait4connect (User '?')
O4 - HKUS\S-1-5-21-1137815281-2507857554-3482789285-1004\..\Run: [TeoSoft.com Registration reminder] (User '?')
O4 - HKUS\S-1-5-21-1137815281-2507857554-3482789285-1004\..\Run: [Clean Space 10 trayagent] C:\Program Files\TeoSoft.com\trayagent.exe (User '?')
O4 - HKCU\..\Run: [Clean Space 10 trayagent] C:\Program Files\TeoSoft.com\trayagent.exe

These appear unnecessary as no file is associated with the entry.

O2 - BHO: (no name) - {877FB8C9-2EF3-4B96-B2B1-7CE2CB857FD0} - (no file)
O2 - BHO: {5745e870-7a71-6a7a-3194-6ccab00b8fa4} - {4af8b00b-acc6-4913-a7a6-17a7078e5475} - (no file)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {138F0344-4E6C-4F64-9E40-E66DF50E7F6B} - (no file)
O2 - BHO: (no name) - {0C081808-15C0-4104-80D9-D4D122F05DD3} - (no file)
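
The by-eye triage of the HijackThis log in the two replies above (orphaned "(no file)" BHOs, TeoSoft autoruns, the proxy settings, the old JRE) can be scripted. This is an added example, not part of any post in the thread: the name `triage`, the `watchlist` terms and the `min_jre` floor (taken from Ben's 1.6.0_12 remark) are assumptions, and the sample lines are copied from the log above.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {0C081808-15C0-4104-80D9-D4D122F05DD3} - (no file)
O2 - BHO: {5745e870-7a71-6a7a-3194-6ccab00b8fa4} - {4af8b00b-acc6-4913-a7a6-17a7078e5475} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKCU\..\Run: [TeoSoft.com Online Update] C:\Program Files\TeoSoft.com\update.exe wait4connect
O4 - HKUS\S-1-5-21-1137815281-2507857554-3482789285-1004\..\Run: [TeoSoft.com Registration reminder] (User '?')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: avgrsstx.dll
"""

# "O2 - ...", "R1 - ...": section code, then the entry body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# BHO entries: display name, CLSID, then the DLL path or "(no file)".
BHO = re.compile(r"^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
# Registry Run-key autoruns: hive (optionally with a user SID), value name, command line.
RUN = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)$")
PROXY = re.compile(r",(?P<key>Proxy\w+) = (?P<value>.*)$")
JRE = re.compile(r"jre(\d+)\.(\d+)\.(\d+)_(\d+)", re.IGNORECASE)


def triage(log_text, watchlist=("teosoft",), min_jre=(1, 6, 0, 12)):
    """Return (tag, detail) review candidates in log order.

    watchlist and min_jre are analyst-supplied assumptions; a finding means
    "look at this entry", not "this entry is malicious".
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, running-process list, blanks
        code, body = m.group("code"), m.group("body")
        if code == "O2":
            bho = BHO.match(body)
            # A registered BHO whose DLL is gone is a leftover registry entry.
            if bho and bho.group("target") == "(no file)":
                findings.append(("orphaned-bho", bho.group("clsid")))
        elif code == "O4":
            run = RUN.match(body)
            if run:
                cmd = USER_SUFFIX.sub("", run.group("cmd"))
                text = (run.group("name") + " " + cmd).lower()
                if any(term.lower() in text for term in watchlist):
                    detail = f"{run.group('hive')} [{run.group('name')}]"
                    findings.append(("watchlist-autorun", detail))
        elif code in ("R0", "R1"):
            proxy = PROXY.search(body)
            if proxy and proxy.group("value"):
                detail = f"{proxy.group('key')}={proxy.group('value')}"
                findings.append(("proxy-setting", detail))
        # Any entry that loads from a JRE directory older than the floor.
        jre = JRE.search(body)
        if jre and tuple(map(int, jre.groups())) < min_jre:
            findings.append(("outdated-java", jre.group(0)))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:18} {detail}")
```
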
 
Thanks everyone!

I got rid of BHOs that were noted.

I have fixed the TeoSoft and Clean Space items as suggested - ran an uninstall and cleaned up remnants with HJT. Thanks for the warning about TeoSoft, Linney.

I can now connect to the internet with Firefox, which is a huge improvement for me. Don't know what recent action achieved this.

Ben: I d/l'd a fresh copy of MBAM and renamed it TEST.EXE as recommended. Rebooted into Safe Mode with internet. Failed with Runtime Error in both Safe & regular modes.

D/l'd & installed fresh copy of VBRun60.exe & installed. Think it worked but didn't know where to look for it.

Did not find mbam.sys and mbamswissarmy.sys in the MBAM folder to copy to folder C:\Windows\System32\Drivers. Should it be there or am I missing something?

D/l'd JRE-6u12 with no problem but install failed with usual message: Windows Installer Service could not be accessed ...

Still cannot reply to, or forward e-mail - same memory issue.

Can't uninstall various other programs because I get the "Windows Installer Service" message.

Just noticed a moment ago in Add/Remove Programs that no file size is associated with XP Service Pack 3 ... is this odd?

Anyone else suspect Vundo (as per Wolluf's comment)? Should I try running Vundofix anyway?

Here is latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:50 PM, on 2/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\SpywareDetector\SDMainService.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SpywareDetector\SDActiveMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = microsoft internet explorer provided by shaw high speed internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-21-1137815281-2507857554-3482789285-1004\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User '?')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {E2E2DD38-D088-4134-82B7-F2BA38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {E2E2DD38-D088-4134-82B7-F2BA38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) -
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {D4328549-2B43-40D5-BBF8-77D6EEA60412} (StorefrontUpload.BulkImageUpload1) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SDMainSvc - Max Secure Software - C:\Program Files\SpywareDetector\SDMainService.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe

--
End of file - 6310 bytes


Thanks again - this is crazy-making stuff!
 
dory20, try this: If it already exists, rename your existing svhost.exe which should be in the %SystemRoot%\System32 directory. Copy this file from a working machine to the problem machine. Reboot and test.
 
svchost.exe or svhost.exe, the former I think?

Your log seems a lot cleaner.

Not sure about these two, especially the last one? As long as you know why they are there.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

Do you know what these items are doing on your machine: StorefrontUpload and DriverHQ?

 
I do have a svchost in the system 32 directory. From what I understand it would not be good to find a svhost file, as they are often malware related. Is that correct?

smah: Do you mean svchost? I don't know how I could copy a file from a good machine and paste it into the system 32 directory on my bad machine without Cut & Paste or Drag & Drop functions working.

linney: The log does seem cleaner. I think these must be leftovers from Teosoft's optional features:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

I can "fix" them

StorefrontUpload is from a Canadian drugstore service that allowed uploading of digital images to a local outlet for printing. I no longer use the service and will "fix" it.

Driver HQ? I have looked for driver updates at various times through this site. I can get rid of it, too.

Still a ways to go in the troubleshooting department.

Thanks all! The help is really deeply appreciated. Seems I'm even learning a bit.

 
Sorry, bad typing on my part. Anyway, as it turns out, on the problem machine that I was working with (which has exactly the same symptoms you described in the beginning) this is what I discovered: svchost.exe was missing entirely from the System32 directory. I suspect that it was probably inadvertently removed by some previous cleanup attempt that the machine's owner did. Based on that, perhaps a damaged svchost.exe could cause the same conditions. As soon as I copied a known good one back and rebooted, all of the Windows functional features returned. It was still badly infected, but in addition to Windows features working, now cleanup tools work, etc.*

Yes, if you attempt this, I would only use svchost from a known, clean machine. Furthermore, I'd suggest to use one from a machine with the same Service Pack level in case there are any differences.

All normal command prompt functions still work even if the GUI drag & drop features don't work. Just copy the good svchost.exe to a memory stick, writeable CD, network share, or what have you. Then, boot the problem machine into safe mode, open a command prompt and type copy source\svchost.exe %SystemRoot%\System32 where source is whatever drive you're copying from. Since you already have this file on the machine, I'd rename it (in safe mode) before copying in the replacement, so that you can restore it if something goes wrong. Again, using the command prompt: ren %SystemRoot%\System32\svchost.exe svchost.bak


* Sidenote: This was an interesting exercise for my own experience and I did ultimately get everything cleaned according to all the normal cleanup tools (combofix, mbam, vundofix, superantispyware, Spybot S&D, Win Defender, etc. AV software). The only application that seemed to be permanently damaged was the Norton AV 2006 that was on the machine and out of date anyway. However, this particular machine that I was working with was so badly infected with numerous things (including rootkits) that I don't trust it and will wipe & reload anyway.
 
smah: Thank you for those details. I don't have access to an identical OS - broken machine is XP Pro and functional machine is XP Home, both SP3.

I will work on this further - must admit the learning curve is somewhat steep for me, but I really appreciate everyone's patience and willingness to help. This is an especially helpful site.

dory20
 
If they are both SP3, the svchost.exe should be the same
 
... prolonged delay ... work got in the way of computer repairs.

smah: In safe mode I did as you suggested and renamed svchost.exe to svchost.bak Then copied good file to problem computer. All OK to this point but problems exactly the same after reboot.

Install of VB6.0 seems to go OK

Still can't install jre6u12 - get message: The Windows Installer service could not be accessed. This can occur if you are running Windows in safe mode or if the Windows Installer is not correctly installed.

Still get memory error if trying to Reply, Create or Forward in Outlook Express.

BBBen: I did find mbam.system and mbam.swissarmy.sys after install of mbam even though mbam failed to load properly, giving Runtime 372 error. MBAM forum shows evidence of this problem happening.

MS ( that this error doesn't happen in XP.

Still at a loss.

Still no System Restore.

Thanks.
 
hi dory,
I believe you have spent a lot of time on this PC.
Maybe it's time to change strategy.
I suggest getting a tool by which you can access your HD,
starting from a bootable CD:


Using these CDs and a USB disk, you can manually save from
your ex C: disk what you need (just documents, music, photos...) to the USB disk, then ... reinstall XP.

Or you can mount your disk in another PC as a 2nd HD
(not boot from it), and save the data (DVD).
This is because even if you can solve the problem, your
PC will always remain in a "dirty" state.

ciao
vittorio
 