Tech Support Guy banner
Status
Not open for further replies.
1 - 20 of 24 Posts

·
Registered
Joined
·
665 Posts
Discussion Starter · #1 ·
I have been having ongoing problems of various nature with a WinXP laptop over the last couple of days. Note IE 7 is installed.

I have updated & run my antivirus & spyware etc and found nothing. I have tried running online scanners, but had problems with those - more on that later.

I suspect the problem may be because a few days ago the computer would not shutdown - a program was not responding & when I hit end now the window disappeared but kept coming back - I could not rid the not responding program so the only way i could shut down the computer was to disconnect power and pull out the battery. In hindsight, I probably should have pulled the battery out first then shut the power off at the point which is surge protected. I fear some damage may have been caused because of this.

Yesterday, the sound card ceased to exist - by that I mean it is listed in device manager with a problem - unable to start & no audio device is available. Obviously I need to get that fixed, but I'm wondering whether perhaps it shorted out or something and perhaps other files on the hard drive have been corrupted as well.

I'm having the following difficulties amongst others:

Unable to access one of 3 hotmail accounts - can access the same account on other computers. I think perhaps the application data for this account has become corrupted on the computer, as other accounts on the same computer are accessible.

Unable to run online scanners that require active x controls & active scripting - message says to alter these setting in IE but these settings are set as should be

Firewall is set to be automatically on, but occasionally when starting up reports as off, but then I go to control panel and it is on, except for one time I did in fact find it off, but put it back on immediately

I have installed Firefox on since these problems arose & on that I can access the problem hotmail account without problem

I suspect that some system files or user profile files may be corrupted and/or memory may be damaged.

Is there are easy utility for checking computer for corrupted files and replacing them? I realise that Windows can be "recovered" or reinstalled but reinstallation sets everything back to original file versions (then have to do lots of windows updates) - never done a recovery, but I think it's a case of you can extract a file and copy it to the drive, but you need to know which file you wish to copy first.

My question therefore is: is there a utility on windows or online which checks the integrity of your files?

Also, would creating a new user account & setting that as administrator create a brand new profile with correct file settings for IE?

Is there a repair IE option?

(Edit)

I should have added that I have already done a system restore - from a couple of days ago. I have considered whether to try an earlier date however I don't want to go too far back as I only installed IE 7 within the last week. I'm a bit relucant to uninstall that as it might cause worse problems if not uninstalled correctly.
 

·
Registered
Joined
·
45,855 Posts
Generally speaking you would want to run chkdsk on the drive -- it will repair or lockout corrupt areas of the drive. It will not replace corrupt files.

Usually corrupt files result in repeatable errors idenfifying the file. That would be a clue to replace it or reinstall the program associated with it.

You can try running:

sfc /scannow

which checks for corrupt and missing system files.

If your registry is configured correctly it may replace them automatically from backup caches. There are no prompts or confirmations when this happens.

If it cannot find a file you are prompted for disk. Unfortunately if you have udated from an earlier Service Pack you would want to point it to the c:\windows\servicepackfiles\I386 directory -- rather than use an original disk.

I can't tell you whether what it finds here though is consistent with any patch updates. But a visit to Windows update should confirm any needed patch reinstalls.

By the way, holding the power button down for 5-8 seconds on any computer should force a BIOS level shutdown -- which beats removing batteries or pulling plugs.

In most cases just removing a flagged device from the Device Manager and rebooting will reinstall it. However in some cases you may need to get the reinstall setup from the computer vendor or device vendor's site.

If you suspect a damaged User Profile, and that is a good suspicion, try creating a new one in User Accounts and test it.
 

·
Registered
Joined
·
665 Posts
Discussion Starter · #3 ·
Hi Rog and thanks,

Well I now have the sound back! I had thought of uninstalling the audio device myself, but I couldn't see much point, as it wasn't as if it was an IRQ conflict or a device driver problem - windows was reporting straight out that no audio device was present - it said it had failed to start. I did actually try the enable button and I did try updating the driver, not that I could see there was much point. Anyway obviously the sound card works - I thought I was going to have to get a new one - for some reason it just failed to start. I had restarted the computer several times, but uninstalling it did the trick so thanks.

On to other matters (and I'm happy to repost in a separate thread if you think fit):

Although I probably might learn something from running chkdsk and scandisk (which had also crossed my mind) I'm a bit reluctant to as if they automatically "fix" things or remove corrupted files they might cause more harm than I already have. I've seen that happen before so sort of keeping that up the sleeve as a last resort.

Unless you can tell me the correct parameter to use to run each without making any changes, just to get a report. (I used to know all these things especially for Win 98 but it escapes me at present).

Yes I'd have to go though the 186 cache as I have upgraded this comp from SP1 to SP2.

Thanks for the tip on the button - not sure that works on this comp (a Medion) as I've tried that before I think. Will try again next time.

I've also been thinking of trying a new user profile - one of the problems I'm having generally at the moment is that the computer is operating very slowly. The hard drive is 85% full (18gb used, 3 free) so I'm trying not to add unnecessary things - even though the profile could be deleted after testing, wouldn't it be backed up in system restore? I've tried deleting everything I can from the computer, am going to archive more things like photos etc.

The main thing of concern to me at present however is the Windows firewall. It only rarely ever did this, but at the moment whenever I turn the computer on the red icon pops up in the systray warning me of no firewalll & to switch it on - I switch it on, no problem. But I have it set to be on, so why does it keep turning itself off?

Also, I had a look in the exceptions list for firewall and found Internet Explorer was among them! Surely that would be a cause for concern? That would basically let anything & everything in wouldn't it? So I deleted it from the list. Also on the list were MSN Messenger and Windows Messenger - maybe they are required to be on the list, but should they? I recognise the other things on my list like my Antivirus and remote access programs, which need to be there. Also on the exceptions list is Microsoft HTML Application host and File & Printer sharing - I have file & printer sharing enabled on my LAN, so should they be on the firewall exception list?

Thanks for any help - if you can't help with firewall let me know & I will post separately, thanks
 

·
Registered
Joined
·
665 Posts
Discussion Starter · #4 ·
OK, so the joy was short-lived.

The next time I restarted the computer, sound was gone again & I got the red alert on the firewall again. Also I got a notice popup on the desktop that was a scheduled task that I stopped running months ago. I deleted this notice from scheduled tasks so it wouldn't happen again (it wasn't anything important, just a prank notice my son put on). I decided to bite the bullet and restored to a bit over a week ago. Started up - joy, there was the volume icon and NO red alert on the firewall.

Decided to uninstall MSN messenger as I suspect it being a culprit for many evils. I restarted - no sound, and red alert again.

It appears that each time windows starts it is reinstalling a damaged registry - or perhaps the function that saves the registry is damaged.

Where to now? Apart form a reinstall of windows which I'd rather not have to do?
 

·
Registered
Joined
·
45,855 Posts
Chkdsk as run normally without any parameters or special options -- only checks and reports errors. To fix them you must either run chkdsk /f from a command line -- or if running it from within Windows check the option to automatically fix errors.

http://support.microsoft.com/default.aspx/kb/315265

Obviously I'm not sure what is happening with the system, so post a HijackThis scanlog.

Also let me know if you have Windows Automatic Updates enabled -- and there are pending updates. This sometimes produces strange errors when the updates do not complete their installation -- including sound card issues. Usually they are accompanied by "svchost" (generic host processor) errors on startup.

Some issues with the profile and corrupted registries can be resolved by installing this utility from MS:

http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en

Have a look at the Event Log (both system and applications): run eventvwr.msc and double click any recent errors, use the double paper copy icon to copy the descriptions to the clipboard and paste them here.
 

·
Registered
Joined
·
665 Posts
Discussion Starter · #6 ·
Hi Rog,

Thanks again. I seem to have the audio fixed - I downloaded an updated driver from the manufacturer's website, thanks to another poster.

I thought I had the firewall fixed also - I wondered whether it was the fact that one of my startup programs (Adobe Cue CS2) was an exception that it might have been opened, but that never happened before. I had deleted a few things from the exception list which I thought had no business being there and following that I had a few restarts where the dreaded red icon didn't appear. However it has started up again.

Interesting what you say about automatic windows updates. I never had any trouble with these, then some time ago I noticed that everytime the yellow icon came on it would say "downloading 0%" and stay like that and then disappear. It seemed I was trying to get my updates but they didn't download. So eventually I went to the windows update site and found that along with IE7 (which I had chosen not to download at that stage) there were quite a few other windows updates. I downloaded the windows updates, and a while after that I decided to download the IE7 in case my rejection of it was the cause of the automatic downloading "stall"

Things seemed to be going OK since then in terms of windows updates. I haven't had any of those error messages you mentioned, and I have been back to the windows update several times and found no more critical updates required.

I have automatic updates set & to install at 3am (obviously I'm not normally on the computer then so I imagine they would install on next boot up - or do they?) Would I be better off selecting to download them but let me decide when to install?

I'd like to clear up this firewall issue because it's unsettling seeing that happen every time the computer starts.

Here is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 6:56:50 AM, on 6/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Howard Moutrie\My Documents\Anne\Computer\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Shortcut to autodown.exe.lnk = C:\Program Files\CA\eTrust Vet Antivirus\autodown.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Chat -
O16 - DPF: Yahoo! Pool 2 -
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?319
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_12_0.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe

Error logs

These are the most recent (last 2 days):

Application -

(The first one always happens) - note I do not have a fax installed:

Event Type: Warning
Event Source: Microsoft Fax
Event Category: Initialization/Termination
Event ID: 32068
Date: 6/01/2007
Time: 6:48:10 AM
User: N/A
Computer: HOWARD
Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 5/01/2007
Time: 7:03:45 PM
User: N/A
Computer: HOWARD
Description:
Hanging application mmc.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 6d 6d 63 2e 65 78 mmc.ex
0018: 65 20 35 2e 31 2e 32 36 e 5.1.26
0020: 30 30 2e 32 31 38 30 20 00.2180
0028: 69 6e 20 68 75 6e 67 61 in hunga
0030: 70 70 20 30 2e 30 2e 30 pp 0.0.0
0038: 2e 30 20 61 74 20 6f 66 .0 at of
0040: 66 73 65 74 20 30 30 30 fset 000
0048: 30 30 30 30 30 00000

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 5/01/2007
Time: 6:28:41 AM
User: N/A
Computer: HOWARD
Description:
Hanging application WINWORD.EXE, version 10.0.6804.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 57 49 4e 57 4f 52 WINWOR
0018: 44 2e 45 58 45 20 31 30 D.EXE 10
0020: 2e 30 2e 36 38 30 34 2e .0.6804.
0028: 30 20 69 6e 20 68 75 6e 0 in hun
0030: 67 61 70 70 20 30 2e 30 gapp 0.0
0038: 2e 30 2e 30 20 61 74 20 .0.0 at
0040: 6f 66 66 73 65 74 20 30 offset 0
0048: 30 30 30 30 30 30 30 0000000

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 4/01/2007
Time: 10:43:20 PM
User: N/A
Computer: HOWARD
Description:
Hanging application iexplore.exe, version 7.0.5730.11, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 69 65 78 70 6c 6f iexplo
0018: 72 65 2e 65 78 65 20 37 re.exe 7
0020: 2e 30 2e 35 37 33 30 2e .0.5730.
0028: 31 31 20 69 6e 20 68 75 11 in hu
0030: 6e 67 61 70 70 20 30 2e ngapp 0.
0038: 30 2e 30 2e 30 20 61 74 0.0.0 at
0040: 20 6f 66 66 73 65 74 20 offset
0048: 30 30 30 30 30 30 30 30 00000000

System:

(This one always happens):


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 6/01/2007
Time: 6:48:02 AM
User: N/A
Computer: HOWARD
Description:
The ASPI32 service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 

·
Registered
Joined
·
45,855 Posts
Ok, a few comments. I don't use Automatic Updates myself, but if I did, I would want to install them at a time of my choosing. That's just a control thing, wanting to see exactly what is happening.

On the "fax" error, I can't tell from the scanlog whether there is an associated "Microsoft" service enabled, since Hijackthis ignores MS services by default. But check this whassup:

http://www.eventid.net/display.asp?eventid=32068&eventno=2210&source=Microsoft Fax&phase=1

The firewall is a real puzzle. I don't see any conflicts from another one, it doesn't appear your ETrust installation includes one.

If you think for some reason your Adobe "Cue" service might be a culprit you can try disabling that in the services profile. (run services.msc)

You can also try doing a "clean boot" but this is a bit labor intensive.

Run msconfig and select the "Services" tab. Check "Hide Microsoft Services" and then disable the rest. Also uncheck "load startup group" on the general page.

See this link for detailed information:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;310353

Now restart and test the issue at hand

If no problems, run msconfig and recheck half the disabled items on the Services tab. Test again. If the problem recurs, UNcheck half the items you just checked to narrow down the culprit.

If the problem didn't occur, check the other half, so all the Services are enabled -- proceed to do this on the startup tab as well.

Get the idea? You want to isolate the problem to a specific startup if possible.

Note: if you already have items unchecked under msconfig > startups and are in "selective" startup mode - you should note what these are before beginning. They will need to be de-selected again.

For the aspi32 problem, I was going to recommend an install from Roxio -- but I have none of the files it checks for and reviews of the installer are bad. If you are not having any problems with CD burning software, I guess I would ignore the error. If you are, reinstall the software.

Check the services profile for an "aspi32" service; I don't think there should be one.

Check the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
 

·
Registered
Joined
·
3,775 Posts
I would definately run chkdsk /r to eliminate any possibility of disk writes to bad sectors, and then run sfc /scannow

You don't really have to know which sectors are bad to know that you don't want to use them. The utility will attempt to recover files from bad sectors and move them to known good sectors. Knowing the physical disk address of a bad sector is of little use or consequence to the user.

Corrupt system files cause intermittent but repetitious errors when parts of Windows loads, depending on which parts of the dll's, etc. are being used. When Windows loads a dll file into memory, it doesn't necessarily use all of the file, just the requisite pieces to perform the task at hand. If the corrupt portion of the dll is not needed or used, then no error occurs. You won't necessarily always get the error, but it won't go away, either.
 

·
Registered
Joined
·
665 Posts
Discussion Starter · #9 ·
Thanks for the responses guys.

The firewall hasn't popped up the last few starts - I disabled Adobe Cue from the start menu and also took it off the exception list. I suspect someone has been enabling these when asked while using the program but as a permanent exception rather than a per use basis. We'll see how long it lasts.

I'll hang on to your other suggestions in case it recurs & I can investigate further. I had no idea the Aspi32 was related to Cd burning software, but the software works OK so I won't worry at present. I'm not running a fax so I don't care about the other error in the log.

I understand about selective start up & yes it can be tedious so unless the problem won't go away I'll hang off that.

Re the chkdsk and sfc - it is possible to do this from within windows under disk tools or should I do it at the command prompt - I guess the command prompt is the preferred method - but do you think the windows tool will suffice or is it pretty useless?

I did actually run chkdsk from the windows tool but didn't check to fix any errors or replace system files as I just wanted to see first what the status was - when the scan finished though no report was presented - I thought there would be some sort of log report - tried to find it on my computer elsewhere but wasn't sure where to look. Anyone know?

I'm always a bit hesitant to run sfc as you don't know what files it might use as replacements - and possibly the backup files in cache might also be copies of a damaged file. I guess you can always install from the Cd - of course they are the original versions then - theoretically one should be able to just then go & reinstall windows updates but
this can get a bit messy sometimes when the updates are already installed, you put certain files back to previous versions then attempt to have update recognise that you still need these files updated.

Anyhow I'll see how we go for a few days & if there is the odd glitch will live with it - if we start getting serious errors I'll run the sfc as there's nothing to lose then short of a reinstall.

Thansk again guys - I'll post back how I go.
 

·
Registered
Joined
·
45,855 Posts
If you encounter the firewall problem again, here are a couple command lines which will reset the Winsock stack and the firewall. The first is sometimes a source of firewall errors.

Start > run: cmd and at the prompt type and enter each line:

netsh winsock reset catalog
netsh firewall reset


You will need to reboot afterwards

The best way to run chkdsk is either in Safe Mode or from the Recovery Console using the command line options. This tends to ensure the disk is unlocked and no conflicts.

The report for chkdsk can be found after running it in the Event Viewer > Applications > Winlogon entry.
 

·
Registered
Joined
·
665 Posts
Discussion Starter · #11 ·
Great Rog, thanks for that.

Firewall has been behaving so far - it must have just shown up as off when I started up because of the program that was opening it on startup.

Since my last post, I've run disk check from windows tools - this time, electing to fix errors (just disk errors, not system files) - again, as before, I got no report - just "disk check complete" - so I take it there were no errors?

(Edit) - sorry, hadn't finished reading your post (didn't scroll down far enough!) - I will also run chkdsk from safe mode as suggested, thanks.

(update) - I just went into safe mode, command prompt. Ran chkdsk c:/r and got the volume locked message - so I selected to do on next start up. I then put in exit to leave the command prompt and went back to the safe mode screen of all black with safe mode in the 4 corners - nothing else showed up. So I powered down using the 6 seconds on the button as you previously suggested (thanks). I then started up again, but chkdsk didn't run - I went straight to a normal windows log in ???

I also had a look at the link re Microsoft Fax - have uninstalled, so that will save my computer a bit of extra work, thanks.

I also had a go at creating a new user account but the hotmail problem (one account not being able to access messages & all accounts requesting to log on twice) still remained.

Interestingly, on Firefox this morning which I installed yesterday I think (and on which all hotmail accounts work fine), a message popped up about the certificate not being able to be verified. However when I clicked the security icon it gave a "website trusted by verisign" with certificate listed with details. I had the option of allowing it permanently, for the session or not at all. I allowed it and Hotmail continues to work fine.

I checked the security icon on the Internet Explorer version of Hotmail and the ID number of the certificate, date of expiry, etc is all identical to the Firefox one - and expiry is not till August. I'm wondering whether at some stage the option to accept the security certificate came up on Internet Explorer and was perhaps accepted for that session only or not at all?
Other people use this computer and may have done so.

Could someone please explain how these certificates work, and in particular, if a certificate has been revoked by user, how can you reinstate it?
 

·
Registered
Joined
·
45,855 Posts
Almost everytime you visit a Microsoft domain these days -- if you are asked to log in -- you are also prompted to download a new security certificate for the server. It's a real annoyance and I don't know why it is happening except they are using so many different servers.

If the problem with Hotmail does not occur in Firefox -- then I guess we have to assume this is an IE problem -- have you cleared all cookies, cache and history? Normally this does not carry over to a new User Profile -- but this might not be the case here.

Check your Cookie (privacy) settings and make sure they are just on "medium" or "medium high" -- which is what I use.


Also verify that your system date is correct -- if this is off it can affect how cookies are saved or read.
 

·
Registered
Joined
·
665 Posts
Discussion Starter · #13 ·
Hi again Rog,

Well that's the strange thing - I have cleared all cookies, temp internet files, history, forms and passwords, as well as the SSL cache. I can't think what else there is to clear.

The weird thing is that the other 2 hotmail accounts work, albeit needing to sign in twice every time. But one account can't get past the inbox - no messages open and you can't sign out of the account, compose a new message or anything else.

Yet this same account works on the same computer in Firefox, and on other computers in IE.

You'd think if it was an IE problem it would affect all 3 accounts on this computer at the least if not on other computers wouldn't you?

As I said I did create a new user profile, though I didn't log out of the original profile before logging in to the new one - Perhaps if I'd also logged out of the original profile it might have made a difference - I thought it would automatically log me out when I logged in to the new one but when I went to switch back, both users were shown as logged in, just that one was the operational one at a particular time.

The cookies are set to medium, I have tried enabling all 3rd party cookies as well, and allowed all msn/passport sites on the allowed list. In short, I have done everything possible to allow access. I even tried lowering the security level to "allow all cookies" at one stage.

Besides, it doesn't affect the other 2 accounts, which were operating OK on the same cookie settings.

I know that various people's accounts are held on different servers - as you say, they have several - but it can't be a server problem as I can access it from Firefox & other computers. But maybe there is a problem with the way this computer authenticates that particular server in IE - which is why I was questioning about how these certificates work - again though, the Firefox application is using the identical certificate so I am stumped.

Thanks for your continued interest and suggestions.
 

·
Registered
Joined
·
45,855 Posts
Well I'm afraid I'm as puzzled as you are; I'm wondering how you access this Hotmail account -- is it from a specific shortcut of any kind? I can recall having issues when the Hotmail servers were changed and no longer worked from the shortcut I was using -- the answer was to go through the MSN Home Page first.

Make sure the address Firefox is going to is the same as the one IE goes to.

You can also probably rule out any 3rd party conflicts (though this seems an unlikely reality) by booting in Safe Mode with networking support. Choose the built in Admin account -- not your normal one.
 

·
Registered
Joined
·
665 Posts
Discussion Starter · #15 ·
No, that was one of the first things I tried (not using shortcut). It happens whether I type www.hotmail.com in the address bar, go via the link on ninemsn.com or any other way.

I'm pretty sure it's the same address (not at the computer at the moment), I know the security certificate is definitely the same on both firefox and IE.

It's just totally weird. I played around with the certificates a bit - I tried installing the certificate on the IE page in case there was some problem there, and it installed OK. The ID on this certificate is exactly the same as the one found on firefox - but the one from IE is listed under the name login.live.com and the one from firefox is listed as c.msn.com. That's the only difference.

For now I just use firefox to get hotmail - it's no harder but I like to get to the bottom of things! Thanks for your interest.
 

·
Registered
Joined
·
665 Posts
Discussion Starter · #17 ·
Well first I found and checked the certificate on the website itself - in each case by clicking on the security icon (padlock) and also in IE by clicking on Page - Security report.

On my computer, in Internet Explorer, under internet options/tools/content/certificates I now have login.live.com listed under other people - issued by Secure Server Certification Authority. Under Intermediate Certification Authorities I have 4 lots of certificates from Microsoft Secure Server authority - 2 are expired and 2 are OK. Also 4 lots of Microsoft Internet Authority - 2 expired, 2 OK. The Secure Server Certification Authority is listed under Trusted Root Authorities.

On Firefox under Options - Advanced - view certificates the c.msn.com certificate is listed under websites and it is issued by the Microsoft Secure server authority.

However, whether on IE or Firefox the certificate reported on the website itself on the privacy report is the same ID, and is issued as login.live.com and is issued by Secure Server Certification Authority.

Therefore, the certificate on the IE website actually matches the certificate listed in my IE certificate store and is issued by the same authority.

The certificate on the Firefox website matches the certificate on the IE website and in the IE certificate store, but not the certificate found when looking at the certificate store from the Firefox options.

As an aside - certificates which are expired and invalid - should they be deleted from the certificate store?

Addendum:

I've just checked on another one of my computers and there are no certificates for login.live.com on internet explorer and none for c.msn.com on firefox, yet I can access hotmail from either browser. I'm a bit worried - are these certificates I've installed maybe not valid? I'm happy to delete those certificates as long as I will still be able to access hotmail on that computer - it was when using firefox on hotmail that I was prompted to download that c.msn.com certificate.
 

·
Registered
Joined
·
665 Posts
Discussion Starter · #18 ·
Hello, I've just tried to log in to hotmail on another computer and been presented with the same certificate warning I received the other day - attached screen shot.

When I click examine certificate, it is issued by Microsoft Secure server authority.

When I click the security icon on the page, it states that the website has been verified as login.live.com and issued by Secure Server certificate authority.

I would think that both Microsoft secure server authority and Secure server certificate authority could be trusted, but why does the certificate on the webpage not match the popup asking to be accepted?
 

Attachments

·
Registered
Joined
·
45,855 Posts
I have no idea what's going on with them. I get this one from time to time.

I don't know where these go -- I can't find it in the certificates list viewable through Internet Options or in Opera's cache.

I presume the different format of the message is browse related. I normally connect with Opera.
 

Attachments

·
Registered
Joined
·
665 Posts
Discussion Starter · #20 ·
Well what I can tell you, is that on Firefox, Microsoft Secure Server Authority is not listed under "Authorities" - therefore, I presume I got the message about not being able to verify c.msn.com - since it was issued by MSSA, a non-listed authority on my Firefox browser.

On IE, I don't get c.msn.com popup, but I have MSSA listed as an Intermediate Authority, which is issued by Microsoft Internet Authority. In turn, MIA is an Intermediate Authority issued by GTE Cyber Trust Global Root, and GTE CTGR is on my list of Trusted Root authorities - so it's quite a chain, but there nonetheless. I also have 2 other entries for MSSA issued by MIA which are not valid as they are out of date, entries for MIA issued by GTE Cyber Trust Root (note subtle difference to previous GTE name) which are not valid as they are out of date, and an entry for GTE Cyber Trust root issued by Root SGC authority, which is not verified by windows as it does not have enough information to verify - Root SGC authority is not listed on the Trusted root authority list, so that would be why GTE Cyber trust root is not verified, and hence why the other certificates down the chain issued by it are also not valid. On the trusted root listed there are entries for GTE Cyber trust root which are issued by GTE cyber trust root and these are not valid as they are expired. However there is an entry for GTE Cyber trust global root, issued by GTE Cyber trust global root, which is current.

So it looks to me like GTE Cyber trust global root took over from GTE Cyber trust root.

Are you still with me? !!!

Again, are you able to tell me whether I should delete those certificates which have expired, or does it not matter?

If I was to delete the valid certificates in Intermediates (MSSA, MIA and GTE cyber trust global root) - as long as I have GTE cyber trust global root in my trusted root authorities, would those be regenerated next time I visited a page that required them? I'm wondering if with that long chain whether although each link in the chain is verified, that maybe the dates of each don't overlap correctly, or something? However I don't want to muck around with these certificates if it risks not being able to access secure sites.
 
1 - 20 of 24 Posts
Status
Not open for further replies.
Top