Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Windows Vista Windows Vista
Search Search
Search for:
Tech Support Guy > > >

WerFault / Application Errors


(!)

MaximumWarp's Avatar
MaximumWarp MaximumWarp is offline
Junior Member with 13 posts.
THREAD STARTER
 
Join Date: Apr 2009
22-Apr-2009, 02:52 PM #1
WerFault / Application Errors
Ugh.

Vista Home Premium. Received the dreaded WerFault.exe Application error THAT WILL NOT CLEAR (unknown software exception 0xc00000005 occurred in the applicaiton at locatoin 0xc00000005).

NO OTHER APPLICATIONS WILL RUN (ALTHOUGH IT'S CLEAR THERE IS AN ATTEMPT). PROBLEM SEEMED TO FOLLOW Outlook hanging on a send email through file manager (hung twice). A reboot brought forth THE BEAST!

I have tried turning off problem reporting (no luck, no reduction in problem severity) and even a system restore (target remains!). I also attempted to reset winsock. A quick review of processes shows something like a gazillion (technical term) WerFault processes. My attempts to terminate and block via Comodo are useless. Windows Defender and Comodo both found nothing on virus scans BUT...

At one point, through tinkering, I was able to get Application Errors on start-up of 5 previously stable programs including RunOnce, AdobeCollabSync and WZQKPICK (WINZIP) Wn111 and daemon. These errors could be cleared but then when I attempt to launch an application I would receive an Application Error for each and every attempt.

ideas?
Rollin' Rog's Avatar
Computer Specs
Member with 45,855 posts.
 
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
23-Apr-2009, 10:57 AM #2
Have you determined whether specific applications are faulting? Check the Event Viewer (run eventvwr.msc) and look at the Applications log

Also I am not sure what you mean when you tried System Restore. Did the restore complete sucessfully to a date well prior to the problem?



There are a couple of methods that should be able to turn WER off in Vista, which did you use?

If you have gpedit.msc >> http://www.nirmaltv.com/2008/08/09/h...windows-vista/

Or just turn off the service, run services.msc and stop and disable it from there.

You may have substantial registry or other file system damage. Have you run chkdsk?

Does the problem occur in Safe Mode or in a Clean Boot? >>

CLEAN BOOT TROUBLESHOOTING technique

First, restart in Safe Mode if necessary -- (tap the f8 key promptly on startup and choose the Safe Mode option from the boot menu) or Normal mode

Then:

Run msconfig and select the "Services" tab. Check "Hide Microsoft Services" and then disable the rest. Also uncheck "load startup group" on the general page.


Now restart and test the issue at hand

If no problems, run msconfig and recheck half the disabled items on the Services tab. Test again. If the problem recurs, UNcheck half the items you just checked to narrow down the culprit.

If the problem didn't occur, check the other half, so all the Services are enabled -- proceed to do this on the startup tab as well.

Get the idea? You want to isolate the problem to a specific startup if possible.

Note: if you already have items unchecked under msconfig > startups and are in “selective” startup mode – you should note what these are before beginning. They will need to be de-selected again.


http://support.microsoft.com/kb/929135 << written for Vista but apples equally to XP
MaximumWarp's Avatar
MaximumWarp MaximumWarp is offline
Junior Member with 13 posts.
THREAD STARTER
 
Join Date: Apr 2009
24-Apr-2009, 01:27 PM #3
Great questions...largely complete reply
1. The applications that are faulting at startup are referenced in the pop-up messages. These being with runonce.exe and include 3 others (which I have written down if you need them). All ran successfully until very, very recently. All would appear to be TSRs that launch at Startup. Thereafter, any application I attempt to run will generate the message.

2. System restore finished successfully. This simply rolled back a Quicken 2009 installlation but did not solve the problems.

3. I turned off Problem Reporting through the control panel.

4. I tried adding Werfault.exe to Comodo's terminate and block list (no improvement).
Rollin' Rog's Avatar
Computer Specs
Member with 45,855 posts.
 
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
25-Apr-2009, 11:37 AM #4
You need to determine whether any errors occur in Safe Mode or in a Clean Boot.

If any specfic applications are faulting they need to be disabled or reinstalled. Let me know which ones are repeatedly faulting.

You can check to see whether Windows Error Reporting is disabled in services.msc

If not, I would disable it and reboot.

Chkdsk should also be run on the drive. It may not fix current problems, but may prevent future ones.

http://www.windows-help-central.com/...ta-chkdsk.html

Once chkdsk reboots the results can be found in the Event Viewer (run: eventvwr.msc in the Applications > Wininit entry. This could be reviewed and uploaded here as a text file

Finally, post a HijackThis scanlog

Download and install HijackThis. Run it and select "do a system scan and save the log file". Then copy/paste the contents of the log to a reply

http://www.trendsecure.com/portal/en...ols/hijackthis
MaximumWarp's Avatar
MaximumWarp MaximumWarp is offline
Junior Member with 13 posts.
THREAD STARTER
 
Join Date: Apr 2009
25-Apr-2009, 02:32 PM #5
Quick question
Rollin,

1. Thanks.

2. Away from PC (traveling). Will follow your advice and circle back.

3. One point of clarification. If I successfully disable WER won't I then struggle to diagnose the problem? Should I leave the bugger up (still running chkdsk, etc) then? Or will there still be errors that event viewer will see?

4. Are you a fan of taking a cheap swing at the fences and resetting winsock? All of the "offending" programs at startup have connectivity functionality.

Thanks again. I will dig into the problem with the sharp knives.
Rollin' Rog's Avatar
Computer Specs
Member with 45,855 posts.
 
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
26-Apr-2009, 10:37 AM #6
No, WER does little or nothing to diagnose a problem. It just sends feedback to MS and if there is a known issue (usually rare) you will get back a web page with some suggestion such as the fault is occuring with a pariculular vendor driver -- update that.

But error messages will still be available in the Event Viewer and you can research them independently from there.

For BSODs, the dumpchecks will still be created as well.

When you do get continuing errors open the Event Viewer (run eventvwr.msc) and look at the applications and systems logs. You can copy those recent repeating errors and paste an example of each ere.

You can also individually research some using their Event ID numbers and an additional descriptor at these sites:

http://www.eventid.net/

http://www.microsoft.com/technet/sup..._advanced.aspx

This last is actually what WER consults in most cases.



As for Winsock, there is no risk in resetting it other than you may need to reinstall your security program if it uses it. If you want to post an HJT I can tell you if it does.

Download and install HijackThis. Run it and select "do a system scan and save the log file". Then copy/paste the contents of the log to a reply

http://www.trendsecure.com/portal/en...ols/hijackthis


But it's always a good idea to create and test a system restore point before doing so.


Another thing you might want to try doing is to create a new User Account and log into that. You may be experiencing errors due to registry damage of the User hive and programs associated with it.
MaximumWarp's Avatar
MaximumWarp MaximumWarp is offline
Junior Member with 13 posts.
THREAD STARTER
 
Join Date: Apr 2009
28-Apr-2009, 07:15 AM #7
Update (diagnostics)
Thank you again for your help.

Okay here we go...

1. Problem does not occur in Safe Mode.

2. I cannot stop Windows Error Reporting Services (Werfault.exe) using services.msc. Returns error 1053 Service did not respond to the start or control request in a timely manner.

3. I cannot install HiJack This or any other application. Icon spins up and then just dies.

4. I cannot UNinstall offending programs noted in the WerFault.exe. I receive an error (no code).

5. Ran Chkdsk and as predicted there were errors (log will be posted below). Notably, deleting corrupt attribute record (128, "") from record segment. There were 7 occurrences.

6. Comodo continues to update its anti-virus package and its scan found a virus which I quarantined (Heur.pck.pklite32).

7. I checked the Application logs and the Event ID is 1001 (AppHangB1) for the gazillion Information alerts from Error Reporting. BUT PERHAPS THE BIGGER DEAL, might be the Error Messages from Side by Side (event 78). I'm out of my league.

8. Reset Winsock and no improvement in problem.


Check Disk Log

Level Date and Time Source Event ID Task Category
Information 4/27/2009 12:22:18 AM Microsoft-Windows-Wininit 1001 None "
Checking file system on C:
The type of the file system is NTFS.
Volume label is HP.
A disk check has been scheduled.
Windows will now check the disk.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x62c08e for possibly 0x1 clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x62c08e for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x26c8f is already in use.
Deleting corrupt attribute record (128, """")
from file record segment 158863.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x640634 for possibly 0x1 clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x640634 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x2df57 is already in use.
Deleting corrupt attribute record (128, """")
from file record segment 188247.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x674e4b for possibly 0x3 clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x674e4b for possibly 0x3 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x2e2a1 is already in use.
Deleting corrupt attribute record (128, """")
from file record segment 189089.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x62b7e8 for possibly 0x1 clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x62b7e8 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x2e39c is already in use.
Deleting corrupt attribute record (128, """")
from file record segment 189340.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x64f117 for possibly 0x1 clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x64f117 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x2e3e0 is already in use.
Deleting corrupt attribute record (128, """")
from file record segment 189408.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x519345 for possibly 0x1 clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x519345 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x30215 is already in use.
Deleting corrupt attribute record (128, """")
from file record segment 197141.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x64045f for possibly 0x1 clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x64045f for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x3103a is already in use.
Deleting corrupt attribute record (128, """")
from file record segment 200762.
242496 file records processed.
1165 large file records processed.
0 bad file records processed.
0 EA records processed.
50 reparse records processed.
The index bitmap $I30 in file 0x5e2d is incorrect.
Correcting error in index $I30 for file 24109.
301536 index entries processed.
CHKDSK is recovering lost files.
Recovering orphaned file UP69B5~1 (3204) into directory file 24109.
Recovering orphaned file update[5] (3204) into directory file 24109.
Recovering orphaned file ANCAHI~1 (3285) into directory file 24109.
Recovering orphaned file ANCAHIKE2MCA485N9TCA8ZPINICA1EE3WQCAO9LTCFCA6IG3Z3CAM736AHCADQ9FTRCA5SRRWPC AY38SGECAALAN8HCAE3NX41CA11JL87CA4GOG9ECA4PJOD2CAX0I14ECAMIYQTQCA2LHLMWCACK 2MZSCA2JYW29 (3285) into directory file 24109.
Recovering orphaned file desktop.ini (131329) into directory file 24109.
Recovering orphaned file 27CAI4~1 (133446) into directory file 24109.
Recovering orphaned file 27CAI4YTGACAIXLMXKCASOLWB8CA4M9M3VCA4KBM3XCAAK19B8CAURFFS2CA6WPSI3CA03FQBMC ALW8TKWCAZB7JQKCAVFSAEYCAHMG9HCCAY7F5XBCACS7FT8CAQWEVEDCAS1VYPBCAHY6D22CA1Q 137SCAIH9N6X (133446) into directory file 24109.
Recovering orphaned file LAYOUT~1 (134487) into directory file 24109.
Recovering orphaned file Layout[1] (134487) into directory file 24109.
Recovering orphaned file IDCAEN~1 (135450) into directory file 24109.
Recovering orphaned file IDCAENPSAECAZMWPYICAL78I3TCA6Z0YWACARYTRYYCAXNLMMWCAJJ6G6ZCAA619YICAZBNWZWC AYIMHZ0CATO6KJ1CAX6I0ROCABYNTR1CA4HHLDRCACSIQD3CAPW0JS8CABJ2K69CASZGGTZCA0P TM8TCAZDMWPY (135450) into directory file 24109.
Recovering orphaned file KTCA4J~1 (148237) into directory file 24109.
Recovering orphaned file KTCA4JP01WCA0RP35XCA3KLCZPCA3F8EGKCAL7CA81CA6ULK4ICAO6PV3QCAV93KI3CA56T9VQC AWG0Y54CA4DXLH4CAVTER1WCAEIGU98CAZR9VD7CA1UQTAICAWM5PJPCAKOQGZ3CAHSH2L5CA45 RONJCA3SI9IK (148237) into directory file 24109.
Recovering orphaned file 6PCAZ7~1 (153846) into directory file 24109.
Recovering orphaned file 6PCAZ73J88CAG6RKWJCADZI9AACAK6685KCAHZT7UPCANAPN0LCAB1G7DACA4NKV4YCAGIXLY2C ASO9DT3CA9YOTZJCAHNWS4OCAZYT9TBCA4T3AOICAK7A0DJCAGATOYWCA5HCCWDCAHFNX0QCA0U OP7RCAWMHBCG (153846) into directory file 24109.
Recovering orphaned file U2CA7W~1 (154240) into directory file 24109.
Recovering orphaned file U2CA7W3SELCACG2LHNCA8UNZD1CAXZF0KFCARZZKP7CAM7AINICA84H3OLCA1RETIQCAAFLQAHC ASGD18UCAO6OA0JCAMSF9A8CAYSKS7ICA0BWRAACAO05K7SCAEQLF6NCA5SM10HCAN887LACAIT D38ZCAR19NWW (154240) into directory file 24109.
Recovering orphaned file HWCALD~1 (154324) into directory file 24109.
Recovering orphaned file HWCALD967DCACF0YUOCAVXXCSYCAWXLZBUCAHLTOU7CAK2UK2TCAXSAEYTCA0AI23JCAEJHHOAC A8LX32UCAR1GOXCCABTQAN7CA2RLXQ3CAYQ3XBFCA303MU2CA4X4TKDCADMKOI6CA8FIFVXCAIY B6M1CAQ35FGG (154324) into directory file 24109.
Recovering orphaned file JYCA2F~1 (154693) into directory file 24109.
Recovering orphaned file JYCA2FE2MECAF1KFDLCAVJ5FIRCAQ2D093CAVVQ0QFCAXIUVL6CA8L1JHQCAYVN7I3CAO7MSU3C A8CXPFSCAWPN7T8CAYK9JIZCAC49XAGCAA08SLJCAM4OJ6LCAD1N86XCA6UXBBICA0GLHVACAUB 9S43CAR1L0G9 (154693) into directory file 24109.
Recovering orphaned file 3NCADN~1 (155451) into directory file 24109.
Recovering orphaned file 3NCADNDCXGCAU89ZILCAETYDKBCAMJMS80CARKTDB1CAGU7TLUCA3NAWNLCA84ZD3ICA8EKTBZC A5J1ZX9CASJ4KZ2CASC1B9YCAE4571FCADUG8M0CA8QWCQ5CA40G88OCAOIQF9ACAVHEG6ECA5G X8CECARAUJQK (155451) into directory file 24109.
Recovering orphaned file UYCATO~1 (157463) into directory file 24109.
Recovering orphaned file UYCATOJ4GBCAAM3OFYCA7PIN9BCADADC6LCA6HVO65CA55HVRLCAKH10H6CAPVNSUHCAZHDNMOC AL4LGNJCAQUNWXACAVL9XEVCAR2JW3ICAT42IBLCAHMMOTHCAULA4J5CAXZCMF9CAE1RW6ICAZ8 OU9MCA3V4XVB (157463) into directory file 24109.
Recovering orphaned file FAVICO~1.ICO (158863) into directory file 24109.
Recovering orphaned file favicon[1].ico (158863) into directory file 24109.
Recovering orphaned file UPDATE~1 (177568) into directory file 24109.
Recovering orphaned file update[1] (177568) into directory file 24109.
Recovering orphaned file UPDATE~2 (177762) into directory file 24109.
Recovering orphaned file update[2] (177762) into directory file 24109.
Recovering orphaned file V6CA3N~1 (177950) into directory file 24109.
Recovering orphaned file V6CA3NHLB8CA43TB8BCA1YVPVKCA72ME8KCAIEOEDGCA5F4411CACUH118CAAW9LBDCA9PHZ55C AQKF4HSCA5SQTQQCAV2030PCAZVXBQECACVET3UCAB7YQSCCAJQK8FVCAJBYXN4CAMUN952CAZ9 0PLJCA2UDUVT (177950) into directory file 24109.
Recovering orphaned file UP89B5~1 (178427) into directory file 24109.
Recovering orphaned file update[9] (178427) into directory file 24109.
Recovering orphaned file B7CAXJ~1 (179954) into directory file 24109.
Recovering orphaned file B7CAXJPMKVCAP6NY0VCA7PS8LRCANHVY14CA8E2N4GCAL3N7OACA3GQVRFCAEDDSKOCAP2U9U6C ABLO3HACAXUW61ZCA1BBA7BCACUD1VWCANPRBP7CA49RBPFCAEFTCOJCATAII68CANF9AI6CATL LBFMCA6WLA33 (179954) into directory file 24109.
Recovering orphaned file FOCAEP~1 (180466) into directory file 24109.
Recovering orphaned file FOCAEPS70YCALX5P5HCA0JK88TCA37AKJJCAJ1IXMHCAY7FQOVCAANJVJ0CAQN2E9VCAL1BKSGC A8ASOUTCA9WLVCACAGCRD56CAZ0OK8MCAO98RPKCATKUYCBCAJ8RTMGCAW14G8JCAN5DJFPCACI SS2RCAIUKJ9B (180466) into directory file 24109.
Recovering orphaned file UVCAO7~1 (180472) into directory file 24109.
Recovering orphaned file UVCAO76UW0CAL9HENFCA8C9PJUCAHZJEZXCAKM5YSNCAVKTVFMCAQ4LMRNCAKZEG53CA15X8T7C AGF5BJQCAJ1XZZ9CAW0MQT8CASKEI6HCA0CKRD2CAEK1V7XCA5VVJ1ACAKBF8ATCANIDC4SCAB8 FGFSCA5E5EL2 (180472) into directory file 24109.
Recovering orphaned file 061-45~1.DIS (183189) into directory file 24109.
Recovering orphaned file 061-4512.English[1].dist (183189) into directory file 24109.
Recovering orphaned file 061-46~1.DIS (183823) into directory file 24109.
Recovering orphaned file 061-4609.English[1].dist (183823) into directory file 24109.
Recovering orphaned file 061-57~1.DIS (186984) into directory file 24109.
Recovering orphaned file 061-5797.English[1].dist (186984) into directory file 24109.
Recovering orphaned file 061-58~1.DIS (187778) into directory file 24109.
Recovering orphaned file 061-5815.English[1].dist (187778) into directory file 24109.
Recovering orphaned file FUCA8G~1 (187888) into directory file 24109.
Recovering orphaned file FUCA8GKKBYCAM4SNCPCAIAPEJJCA8C28D4CAL21NVDCAL7HSDTCA00GE6LCAP3T3O4CAG0D68ZC A9300G1CAAW0ST3CABOP8S3CA4B5CV6CA2DND2CCADPEQMKCAXTO6B2CA3CFYVGCA0H3OEACAUX NP4VCA3DDAWW (187888) into directory file 24109.
Recovering orphaned file DPCA91~1 (187897) into directory file 24109.
Recovering orphaned file DPCA91NT4UCA3LJMK8CAWW2V2XCA41RMZYCA0BTJJMCAREDSGPCAXLHIV7CANRKYA8CAHY4P2CC A3DKU07CAD2RG28CA72UFL5CA9MFYJFCAR8HU46CAW4DAKJCA1ZAEJ1CAZYA1S8CAMO29CRCAY3 KK6MCAYNBWO7 (187897) into directory file 24109.
Recovering orphaned file 3CCAWW~1 (187903) into directory file 24109.
Recovering orphaned file 3CCAWWC68CCA720C74CAI7A2J2CARNXLYUCA5VEIAZCA1TRAS2CADNM8ZCCA3NZAUICAEY2RXKC AZ9ZY49CA4EYXTOCANYPGNNCAXCPLIYCA9YHG12CALG223ZCA9WYRBHCAQYL3PICA5IJI1ACA3B U96JCA3I0MAV (187903) into directory file 24109.
Recovering orphaned file KSCAX1~1 (187953) into directory file 24109.
Recovering orphaned file KSCAX1MWZ8CAQWK1OKCA8X98NFCA8YJ9UYCAVTA518CA0PEMMSCAUUVYEPCAIZQT1RCA0G53A7C AOM431HCAT1GU4RCAP46HRRCALOCYNZCA8DHW19CA0T6FAPCAXONFJ3CAZGHB1OCA0ZL73OCAZU 1K7FCARRZ574 (187953) into directory file 24109.
Recovering orphaned file G8CAS3~1 (188004) into directory file 24109.
Recovering orphaned file G8CAS3L5PJCA2VKSOBCAKYR523CA11JXV3CAWKLVPPCA52MBT1CA30MFTHCA7ZEWT5CAHF3VNKC A152RBICARV03XCCAP0JMO6CAVXX9AJCA6JD35FCAPLHTGBCAM72TV7CAVJ217XCAKN4LR7CAI2 W9NRCAYJVHOA (188004) into directory file 24109.
Recovering orphaned file UP79BD~1 (188044) into directory file 24109.
Recovering orphaned file update[6] (188044) into directory file 24109.
Recovering orphaned file E5CAD9~1 (188103) into directory file 24109.
Recovering orphaned file E5CAD92WG7CAP6J3NBCA3AE8HTCAIW3RT3CACU3PS3CAAXR8FHCAQ25BFJCAPBCDDACAUUF14EC AG1NU0ZCAFB11XNCAAIBWFBCAAGEHFMCAT46VL5CAN5S98NCAE7TSI0CAK3ITYTCAABWC3GCASY 99D7CAH0XGQK (188103) into directory file 24109.
Recovering orphaned file OJCAQ8~1 (188133) into directory file 24109.
Recovering orphaned file OJCAQ8J9L7CANRO83HCAH8ITT7CAXKT91CCAWQF9YOCASP5559CAPGPA17CAOQIBI7CA3XT4BVC A3VPL8PCAFAHCN6CAJZNV2UCAI19HRSCAY6Z8HLCAS3JGB5CAP1FL1ZCAVBCRFXCAQU35ZKCAE1 J520CAFBYDFZ (188133) into directory file 24109.
Recovering orphaned file UPDATE~3 (188160) into directory file 24109.
Recovering orphaned file update[3] (188160) into directory file 24109.
Recovering orphaned file UP1FE2~1 (188236) into directory file 24109.
Recovering orphaned file update[10] (188236) into directory file 24109.
Recovering orphaned file UP1FF2~1 (188247) into directory file 24109.
Recovering orphaned file update[11] (188247) into directory file 24109.
Recovering orphaned file e (188253) into directory file 24109.
Recovering orphaned file update (188254) into directory file 24109.
Recovering orphaned file UPDATE~4 (188276) into directory file 24109.
Recovering orphaned file update[4] (188276) into directory file 24109.
Recovering orphaned file UP79B5~1 (188280) into directory file 24109.
Recovering orphaned file update[7] (188280) into directory file 24109.
Recovering orphaned file UP89BD~1 (188308) into directory file 24109.
Recovering orphaned file update[8] (188308) into directory file 24109.
Recovering orphaned file 9LCAGM~1 (188647) into directory file 24109.
Recovering orphaned file 9LCAGMZ3Q8CA3JDTS6CAML0Y7ACA5JIH90CA7O0POICAZOA36PCA6V2LBECAMJJIEYCABZ40THC A72HW7JCAZ3BFK8CADHO6JVCAF4XONGCAMK2SS8CA1CIDGACA5YWCG6CAVJJ66GCA4V8DL9CAFC AQ6CCAEFBVV4 (188647) into directory file 24109.
Recovering orphaned file 8KCA12~1 (188735) into directory file 24109.
Recovering orphaned file 8KCA12LQRBCAO94LKKCAL83FQ8CABJSACQCALNKS0DCA9M1R9SCA34Q41YCANVL2FZCA2CQSV8C AZ6JVTSCANV5GAOCAZHIN3KCAUADR4GCAKKZBMLCA5C32EBCAH0I5JUCADHTHP1CAQ7ZYLBCAIA HWAMCAQG9R73 (188735) into directory file 24109.
Recovering orphaned file 1NCAET~1 (188742) into directory file 24109.
Recovering orphaned file 1NCAETDU9VCA23WL63CAQMC44HCARGAZX0CAQWKA7JCASBOJRFCA2JUL7ICAQ6N1C6CAQI6V3GC AJAXA2NCAC96YDZCASCPN04CAW0GOYICAORM6XNCAQ8WOQSCA5NRQ32CAIUY1BMCAGL1LN8CAT1 76I4CAL04RVC (188742) into directory file 24109.
Recovering orphaned file V4CAEA~1 (188989) into directory file 24109.
Recovering orphaned file V4CAEATGO8CANYGTXVCA9M9KGZCANW5VFQCAZVRDUTCAOVPYUICAS08GGXCA1P5YXWCA1L611IC AKE1HM5CANRTWUUCA20Q29PCAI7YEU9CA0Q2R18CAEOITCJCASG34NECAY2BOA8CAPCA90XCAAZ AY5YCACNKWAU (188989) into directory file 24109.
Recovering orphaned file ANCADT~1 (189040) into directory file 24109.
Recovering orphaned file ANCADTZRZ7CAV82YW1CA7BZOXCCAJJQ1VLCAR2O1XXCA3KX37CCAJ9D3GTCAQ4B6BECASJWPH5C AMKMXB3CAMO1IQ6CAX2XN00CA7UAWDACASNWQ1SCA4Y362HCAHA45DQCA0CUO5OCAUAR661CA3I 0VJLCA9OHZR4 (189040) into directory file 24109.
Recovering orphaned file v4[5] (189080) into directory file 3249.
Recovering orphaned file v4[6] (189092) into directory file 3249.
Recovering orphaned file v4[7] (189104) into directory file 3249.
Recovering orphaned file v4[8] (189116) into directory file 3249.
Recovering orphaned file v4[9] (189128) into directory file 3249.
Recovering orphaned file v4[4].htm (189268) into directory file 3249.
Recovering orphaned file v4[5].htm (189304) into directory file 3249.
Recovering orphaned file v4[6].htm (189340) into directory file 3249.
Recovering orphaned file v4[7].htm (189368) into directory file 3249.
Recovering orphaned file v4[8].htm (189408) into directory file 3249.
Recovering orphaned file DCCASU~1 (194601) into directory file 24109.
Recovering orphaned file DCCASUP5E4CAV9NGRBCAWTCFMFCAFYVMOOCAXWSGE7CAR6MV8UCAE1BX9ICAPEH71SCAHQCP6JC AVKZIZICAPY7GE8CAWOD3V4CAJT4PGLCA4D28VHCAEM0GJ4CALBZP4PCAY017W1CARJSCHXCAIF BFM6CARCNVAI (194601) into directory file 24109.
Recovering orphaned file FAVICO~2.ICO (195657) into directory file 24109.
Recovering orphaned file favicon[2].ico (195657) into directory file 24109.
Recovering orphaned file VMCAJW7C1ICAA2FH1ICAT9LOELCAY20K9ECAKY136YCA89RM20CANBGA64CAA93BFQCAEG2KHDC A7OYGJ4CAP7OTA7CAWTRARYCAEH6IATCA64CC2ICAVJFKMRCA8C7CXGCAWYO73UCA85X1CQCAHG OQ3SCAK8M8IJ (195939) into directory file 24109.
Recovering orphaned file D6CAWQ~1 (195949) into directory file 24109.
Recovering orphaned file D6CAWQ821QCAQGGJTOCAU9LUE8CA4352YFCAMPVJGWCA6W4STFCACSB2LFCA0NDTQCCA1GT3WWC AZ0RKHUCA2O2ACMCANLLRNICASXX4Z0CAZ9I9S9CAN53I2YCAS1PTYRCARD9KBXCABWA3HXCAMA LFTGCAY86POC (195949) into directory file 24109.
Recovering orphaned file UPCA7G~1 (195956) into directory file 24109.
Recovering orphaned file UPCA7G0103CAQ9ZCH6CAN1MNT8CA277O6KCANH6YKACAENBNXACAVRF3QRCASSXIV2CAJ02Y5QC ARPQEZLCA5B9DNBCAU582AXCAW4AN7WCADFDTROCA2OMQ25CA1NSUMFCA13VCGZCABQUHQLCA77 YYCYCAF043N5 (195956) into directory file 24109.
Recovering orphaned file A2CACZ~1 (196057) into directory file 24109.
Recovering orphaned file A2CACZPY11CAQC8Y01CAUC36HKCAC3WB8HCA201041CAL16MYZCA9Q4G8HCAHOLETDCAPOCXDWC AHS1E33CA1NT1ARCA9LPQ2WCA3X0V39CAV0C7CBCANHFB0SCAJTEU1BCA1F1FK2CA2DLJ49CA5A EURWCACWGNR1 (196057) into directory file 24109.
Recovering orphaned file 7CCAO4~1 (196061) into directory fil"


Errors from Side By Side

Level Date and Time Source Event ID Task Category
Error 4/1/2009 12:14:57 PM SideBySide 78 None "Activation context generation failed for ""C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe"".Error in manifest or policy file """" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest."
Rollin' Rog's Avatar
Computer Specs
Member with 45,855 posts.
 
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
28-Apr-2009, 12:00 PM #8
Can you set to disabled WER when in Safe Mode or open or uninstall any affected program from Safe Mode?

And if the problems did not occur in Safe Mode you need to begin with a Clean Boot and test there >>

http://support.microsoft.com/kb/929135 << written for Vista but apples equally to XP

That's a lot of drive corruption and we don't really know what was affected.

For system files you might try booting in Safe Mode and running sfc /scannow

And if you go to Folder Options > View and temporarily remove the check hiding protected and system files -- you should be able to locate folders that chkdsk has left on the root drive identified as "Foundnnn" where''nnn' is a number.

These are fragments of files that chkdsk has saved. You will be able to see some of them identified, but they cannot be used.
MaximumWarp's Avatar
MaximumWarp MaximumWarp is offline
Junior Member with 13 posts.
THREAD STARTER
 
Join Date: Apr 2009
28-Apr-2009, 12:07 PM #9
Late breaking update....

I disabled all services using MSCONFIG (including startup) and rebooted. I did not receive Werfault Application Error messages but I also couldn't run any applications. When I checked Task Manager, specifically Processes, I found hundreds of Werfault.exe processes running (and more being loaded as I watched). The CPU utilization was steady at 38% (rather high).
MaximumWarp's Avatar
MaximumWarp MaximumWarp is offline
Junior Member with 13 posts.
THREAD STARTER
 
Join Date: Apr 2009
28-Apr-2009, 12:09 PM #10
Quote:
Originally Posted by MaximumWarp View Post
Ugh.

Vista Home Premium. Received the dreaded WerFault.exe Application error THAT WILL NOT CLEAR (unknown software exception 0xc00000005 occurred in the applicaiton at locatoin 0xc00000005).

NO OTHER APPLICATIONS WILL RUN (ALTHOUGH IT'S CLEAR THERE IS AN ATTEMPT). PROBLEM SEEMED TO FOLLOW Outlook hanging on a send email through file manager (hung twice). A reboot brought forth THE BEAST!

I have tried turning off problem reporting (no luck, no reduction in problem severity) and even a system restore (target remains!). I also attempted to reset winsock. A quick review of processes shows something like a gazillion (technical term) WerFault processes. My attempts to terminate and block via Comodo are useless. Windows Defender and Comodo both found nothing on virus scans BUT...

At one point, through tinkering, I was able to get Application Errors on start-up of 5 previously stable programs including RunOnce, AdobeCollabSync and WZQKPICK (WINZIP) Wn111 and daemon. These errors could be cleared but then when I attempt to launch an application I would receive an Application Error for each and every attempt.

ideas?
Late breaking update....

I disabled all services using MSCONFIG (including startup) and rebooted. I did not receive Werfault Application Error messages but I also couldn't run any applications. When I checked Task Manager, specifically Processes, I found hundreds of Werfault.exe processes running (and more being loaded as I watched). The CPU utilization was steady at 38% (rather high).
MaximumWarp's Avatar
MaximumWarp MaximumWarp is offline
Junior Member with 13 posts.
THREAD STARTER
 
Join Date: Apr 2009
28-Apr-2009, 08:51 PM #11
Progress...
1. Yes, I can indeed uninstall and install programs in safe mode. Took out Daemon Tools and added HijackThis and AVG (for another look at malware). Me stupid. Me very, very stupid. I appreciate your patience even more now.

2. With services disabled and booting in safe mode, I can get Windows Error Reporting to stand the bleep down. No processes. No warning messages. Nada. Me likey (sorry...stuck on a theme).

3. Hijack This log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:55 PM, on 4/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Ulead AutoDetector v2] "C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\EPSON\Creativity Suite\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio Creator 2009\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
O4 - HKLM\..\Run: [BrStsWnd] "C:\Program Files (x86)\Brownie\BrstsW64.exe" Autorun
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WN111 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WN111\wn111.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://myed-nc-alt.wachovia.com/dan...etupClient.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
--
End of file - 11627 bytes
MaximumWarp's Avatar
MaximumWarp MaximumWarp is offline
Junior Member with 13 posts.
THREAD STARTER
 
Join Date: Apr 2009
28-Apr-2009, 10:07 PM #12
Ran SFC /Scannow
Have some goodies here but perhaps too much (30 Meg)?

This particular error got a LOT of repetition.

27, Info CSI 00000006 IAdvancedInstallerAwareStore_ResolvePendingTransactions call 1 loaded 125 (0x000000000000007d) pending advanced installer operations
2009-04-22 13:47:27, Error CSI 00000007@2009/4/22:17:47:27.816 (F) d:\rtm\base\wcp\identity\id_authority.cpp(291): Error STATUS_INVALID_PARAMETER originated in function Windows::Identity::Rtl::Implementation::CRtlIdentityAuthority::IRtlIdentity Authority_Format expression: Not-null check failed: Identity
[gle=0x80004005]
2009-04-22 13:47:36, Error CSI 00000008 (F) E_INVALIDARG #105# from Windows::COM::CComponentStore_IAdvancedInstallerAwareStore::ResolvePendingT ransactions(dwFlags = (RollbackOnFailure|DontFailIfPrimitivesPending|IndicatePrimitiveRollback), Progress = NULL, Phase = 0, Disposition = (unknown enumerant 0)[3]" | "0)[gle=0x80070057]
2009-04-22 13:47:36, Error CBS Startup: Failed to process advanced operation queue, startupPhase: 0. hr: 0x80070057
2009-04-22 13:47:36, Info
MaximumWarp's Avatar
MaximumWarp MaximumWarp is offline
Junior Member with 13 posts.
THREAD STARTER
 
Join Date: Apr 2009
29-Apr-2009, 06:45 AM #13
Update (Here is Where We Are)
1. In normal mode, the machine boots clean with no Werfault.exe application messages and no Werfault.exe processes. All services are enabled EXCEPT 3 under the Startup tab that were previously displayed as Werfault.exe errors (I will experiment here).

2. The problem, in NORMAL mode, is that I CANNOT launch any applications. In event viewer I found 3 SidebySide (event id 78) errors which I looked up (and I'll be damned if I understand the explanation).

3. In Safe mode, I can run applications without restriction.

Progress I think! Ideas?
Rollin' Rog's Avatar
Computer Specs
Member with 45,855 posts.
 
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
29-Apr-2009, 12:03 PM #14
Ok, first the idea is not to disable ALL services in a Clean Boot, just all NON Microsoft services other than WER, When you disable all services you not only flush your System Restore points, but there is at least one critical service that must be left enabled, Remote Procedure Call.

Anyway, the job from there is to re-enable startups and services in small groups to see which specific ones are causing problems.

I don't see any malware or other issues in the HJT log.

If you are trying to ferret out answers to Event Viewer messages, the only way to do it is to research them on EventID.net or on the MS site I posted links to.

Many, if not most, can be ignored.


Not sure what to make of those SFC /scannow reports; it sounds like something was in the process of being installed or uninstalled, but not completed (reboot required) when you ran it.


Did you have some specific problem with "Sidebar", if so, just use MSconfig to disable the entries using it.

Last edited by Rollin' Rog; 29-Apr-2009 at 12:09 PM..
MaximumWarp's Avatar
MaximumWarp MaximumWarp is offline
Junior Member with 13 posts.
THREAD STARTER
 
Join Date: Apr 2009
29-Apr-2009, 12:57 PM #15
No, I understood the approach. I disabled non-MS stuff. We're good.

Everything is enabled now but 3 applications that were explicitly named by Werfault on bootup. I plan to test Normal mode with everything enabled shortly.

I can run everything in Safe Mode. No warning messages.

I still cannot run any application in Normal Mode (but no WerFault messages at least). Applications just die out.

Any suggestions?
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


Tags
application errors, werfault

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑

Content Relevant URLs by vBSEO 3.3.2