| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 89701 | 2008-05-09 03:22:00 | Svchost application error | KiwiPrius (11514) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 667530 | 2008-05-09 03:22:00 | Hi Speedy Could you have a look at the HJT log below and advise whether there is anything there that may be causing the above error . It occurs when I first log onto the practice network from my PC . I am running Win Xp Pro SP2, Athlon 2 . 0G, 1 . 5 GB RAM . Also mainly use work specific practice management software (NGclin below)as well as the usual Outlook, Word, Firefox/IE 7 . The biggest problem currently is not being able to log onto secure sites despite having a vaild digital certificate . This specifically relates to instruction at 0x5018d8cd at various referenced memory locations . This has been happening ever since we had a very brief loss of power at my place of business . Logfile of Trend Micro HijackThis v2 . 0 . 2 Scan saved at 14:19:31, on 9/05/2008 Platform: Windows XP SP2 (WinNT 5 . 01 . 2600) MSIE: Internet Explorer v7 . 00 (7 . 00 . 6000 . 16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss . exe C:\WINDOWS\system32\winlogon . exe C:\WINDOWS\system32\services . exe C:\WINDOWS\system32\lsass . exe C:\WINDOWS\system32\svchost . exe C:\WINDOWS\system32\spoolsv . exe C:\WINDOWS\System32\svchost . exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM . EXE C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc . exe C:\Program Files\Raxco\PerfectDisk\PDAgent . exe C:\Program Files\Spyware Terminator\sp_rsser . exe C:\WINDOWS\system32\svchost . exe C:\Program Files\Raxco\PerfectDisk\PDEngine . exe C:\WINDOWS\Explorer . EXE C:\WINDOWS\StopHid . exe C:\Program Files\Creative\Desktop Wireless\mouse_2k . exe C:\Program Files\Java\jre1 . 6 . 0_06\bin\jusched . exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield . exe C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry . exe C:\WINDOWS\system32\ctfmon . exe C:\Program Files\SecCopy\SecCopy . exe C:\WINDOWS\system32\ntvdm . exe C:\Program Files\Webshots\WebshotsTray . exe C:\WINDOWS\MHotKey . exe C:\WINDOWS\system32\svchost . exe C:\WINDOWS\SYSTEM32\mstsc . exe C:\Program Files\Mozilla Firefox\firefox . exe C:\Program Files\Trend Micro\HijackThis\HijackThis . exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = . microsoft . com/fwlink/?LinkId=54896" target="_blank">go . microsoft . com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = . microsoft . com/fwlink/?LinkId=69157" target="_blank">go . microsoft . com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = . microsoft . com/fwlink/?LinkId=54896" target="_blank">go . microsoft . com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = . microsoft . com/fwlink/?LinkId=54896" target="_blank">go . microsoft . com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = . microsoft . com/fwlink/?LinkId=69157" target="_blank">go . microsoft . com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hackers Paradise R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6 . 0\Acrobat\ActiveX\AcroIEHelper . dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr . dll O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6 . 0\Acrobat\AcroIEFavClient . dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6 . 0\Acrobat\AcroIEFavClient . dll O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr . dll O4 - HKLM\ . . \Run: [StopHid] StopHid . exe O4 - HKLM\ . . \Run: [CreativeMouse ] C:\Program Files\Creative\Desktop Wireless\mouse_2k . exe O4 - HKLM\ . . \Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1 . 6 . 0_06\bin\jusched . exe" O4 - HKLM\ . . \Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield . exe" O4 - HKLM\ . . \Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash . exe O4 - HKLM\ . . \Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry . exe" O4 - HKCU\ . . \Run: [ctfmon . exe] C:\WINDOWS\system32\ctfmon . exe O4 - HKCU\ . . \Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy . exe" O4 - HKUS\S-1-5-19\ . . \Run: [CTFMON . EXE] C:\WINDOWS\system32\CTFMON . EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\ . . \Run: [CTFMON . EXE] C:\WINDOWS\system32\CTFMON . EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\ . . \Run: [CTFMON . EXE] C:\WINDOWS\system32\CTFMON . EXE (User 'SYSTEM') O4 - HKUS\ . DEFAULT\ . . \Run: [CTFMON . EXE] C:\WINDOWS\system32\CTFMON . EXE (User 'Default user') O4 - Startup: Ngclin . lnk = C:\GPfox\PROGRAMS\Ngclin . exe O4 - Startup: Webshots . lnk = C:\Program Files\Webshots\WebshotsTray . exe O4 - Startup: Keyboard Hotkey Setup . lnk = ? O8 - Extra context menu item: Crawler Search - tbr:iemenu O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1 . 6 . 0_06\bin\ssv . dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1 . 6 . 0_06\bin\ssv . dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR . DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag . exe O9 - Extra 'Tools' menuitem: @xpsp3res . dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag . exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs . exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs . exe O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - . viewpoint . com/MTSInstallers/MetaStream3 . cab?url=http://www . viewpoint . com/cgi-bin/installer . v4/vet_install_premium . pl?1&6&04 . 00 . 09 . 13&premium&unknown&http://www . toyota . com/vehicles/2006/prius/key_features/int360 . html?noreloadredir" target="_blank">components . viewpoint . com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - . microsoft . com/fwlink/?linkid=48835" target="_blank">go . microsoft . com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - . microsoft . com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site . cab?1187903299751" target="_blank">update . microsoft . com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amc . local O17 - HKLM\Software\ . . \Telephony: DomainName = amc . local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amc . local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = amc . local O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = amc . local O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr . dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT . exe O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc . - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc . exe O23 - Service: PDAgent - Raxco Software, Inc . - C:\Program Files\Raxco\PerfectDisk\PDAgent . exe O23 - Service: PDEngine - Raxco Software, Inc . - C:\Program Files\Raxco\PerfectDisk\PDEngine . exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv . exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv . exe O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler . com - C:\Program Files\WinClamAVShield\sp_clamsrv . exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler . com - C:\Program Files\Spyware Terminator\sp_rsser . exe -- End of file - 7292 bytes Thanks for any help or suggestions you may have . |
KiwiPrius (11514) | ||
| 667531 | 2008-05-09 03:30:00 | I would get rid of Spyware terminator, you dont really need that and Mcafees . Or get rid of both and install Avast Home (free) or NOD32 (if you want to pay) . Tick these entries then tick fix checked Close browsers 02 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file O4 - HKLM\ . . \Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1 . 6 . 0_06\bin\jusched . exe" O4 - HKLM\ . . \Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash . exe Whats this program? O4 - Startup: Ngclin . lnk = C:\GPfox\PROGRAMS\Ngclin . exe O4 - Startup: Keyboard Hotkey Setup . lnk = ? Is this a work computer why its on a domain? |
Speedy Gonzales (78) | ||
| 667532 | 2008-05-09 04:55:00 | Thanks Speedy, Did as you recommended but the original error still appears at random |
KiwiPrius (11514) | ||
| 667533 | 2008-05-09 05:07:00 | Try this, close IE 7 first, to see if you can log into secure sites Click Start, Run and type the following commands one by one and press Enter regsvr32 mshtmled.dll regsvr32 jscript.dll regsvr32 /i mshtml.dll Hopefully after you register each file it'll say it succeeded. Then try again Is this computer showing the right time, and is it configured for the right time zone? It looks like, if one, or both are wrong, this can also happen |
Speedy Gonzales (78) | ||
| 667534 | 2008-05-11 21:42:00 | Hi Speedy, All except the last : regsvr32 /i mshtml.dll succeeded Error message says: mshtml.dll was loaded but the dllregisterserver entry point was not found. This file cannot be registered The computer clock shows the right time and time zone. What next? Thanks |
KiwiPrius (11514) | ||
| 667535 | 2008-05-11 21:50:00 | Try this Start/run type regsvr32 urlmon.dll regsvr32 shdocvw.dll regsvr32 actxprxy.dll regsvr32 oleaut32.dll regsvr32 mshtml.dll regsvr32 browseui.dll regsvr32 shell32.dll Close IE first. |
Speedy Gonzales (78) | ||
| 667536 | 2008-05-11 21:58:00 | All except mshtml.dll succeeded, with the same error message as previously Thanks |
KiwiPrius (11514) | ||
| 667537 | 2008-05-11 22:05:00 | Hm, try reinstalling IE 7 to fix the IE / secure sites prob. See if that fixes it It maybe a service thats disabled thats causing the secure site prob as well |
Speedy Gonzales (78) | ||
| 667538 | 2008-05-12 03:12:00 | This is adware... O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll vil.mcafeesecurity.com |
Pancake (6359) | ||
| 667539 | 2008-05-12 04:27:00 | Hi guys Reinstalled IE 7 . Was unable to uninstall it first through add/remove programmes as it came up with an error: "setup library imnsinsnt . dll could not be loaded, or function OcEntry could not be found . Specific error code is 0x7e" Clicking ok brings up another dialog box "Win XP setup . The application could not be initialised . " Would running repair from the Win Xp CD help? |
KiwiPrius (11514) | ||
| 1 2 | |||||