1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

WerFault / Application Errors

Discussion in 'Windows Vista' started by MaximumWarp, Apr 22, 2009.

Thread Status:
Not open for further replies.
Advertisement
  1. MaximumWarp

    MaximumWarp Thread Starter

    Joined:
    Apr 22, 2009
    Messages:
    13
    Ugh.

    Vista Home Premium. Received the dreaded WerFault.exe Application error THAT WILL NOT CLEAR (unknown software exception 0xc00000005 occurred in the applicaiton at locatoin 0xc00000005).

    NO OTHER APPLICATIONS WILL RUN (ALTHOUGH IT'S CLEAR THERE IS AN ATTEMPT). PROBLEM SEEMED TO FOLLOW Outlook hanging on a send email through file manager (hung twice). A reboot brought forth THE BEAST!

    I have tried turning off problem reporting (no luck, no reduction in problem severity) and even a system restore (target remains!). I also attempted to reset winsock. A quick review of processes shows something like a gazillion (technical term) WerFault processes. My attempts to terminate and block via Comodo are useless. Windows Defender and Comodo both found nothing on virus scans BUT...

    At one point, through tinkering, I was able to get Application Errors on start-up of 5 previously stable programs including RunOnce, AdobeCollabSync and WZQKPICK (WINZIP) Wn111 and daemon. These errors could be cleared but then when I attempt to launch an application I would receive an Application Error for each and every attempt.

    ideas?
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Have you determined whether specific applications are faulting? Check the Event Viewer (run eventvwr.msc) and look at the Applications log

    Also I am not sure what you mean when you tried System Restore. Did the restore complete sucessfully to a date well prior to the problem?



    There are a couple of methods that should be able to turn WER off in Vista, which did you use?

    If you have gpedit.msc >> http://www.nirmaltv.com/2008/08/09/how-to-disable-error-reporting-in-windows-vista/

    Or just turn off the service, run services.msc and stop and disable it from there.

    You may have substantial registry or other file system damage. Have you run chkdsk?

    Does the problem occur in Safe Mode or in a Clean Boot? >>

    CLEAN BOOT TROUBLESHOOTING technique

    First, restart in Safe Mode if necessary -- (tap the f8 key promptly on startup and choose the Safe Mode option from the boot menu) or Normal mode

    Then:

    Run msconfig and select the "Services" tab. Check "Hide Microsoft Services" and then disable the rest. Also uncheck "load startup group" on the general page.


    Now restart and test the issue at hand

    If no problems, run msconfig and recheck half the disabled items on the Services tab. Test again. If the problem recurs, UNcheck half the items you just checked to narrow down the culprit.

    If the problem didn't occur, check the other half, so all the Services are enabled -- proceed to do this on the startup tab as well.

    Get the idea? You want to isolate the problem to a specific startup if possible.

    Note: if you already have items unchecked under msconfig > startups and are in “selective” startup mode – you should note what these are before beginning. They will need to be de-selected again.


    http://support.microsoft.com/kb/929135 << written for Vista but apples equally to XP
     
  3. MaximumWarp

    MaximumWarp Thread Starter

    Joined:
    Apr 22, 2009
    Messages:
    13
    1. The applications that are faulting at startup are referenced in the pop-up messages. These being with runonce.exe and include 3 others (which I have written down if you need them). All ran successfully until very, very recently. All would appear to be TSRs that launch at Startup. Thereafter, any application I attempt to run will generate the message.

    2. System restore finished successfully. This simply rolled back a Quicken 2009 installlation but did not solve the problems.

    3. I turned off Problem Reporting through the control panel.

    4. I tried adding Werfault.exe to Comodo's terminate and block list (no improvement).
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    You need to determine whether any errors occur in Safe Mode or in a Clean Boot.

    If any specfic applications are faulting they need to be disabled or reinstalled. Let me know which ones are repeatedly faulting.

    You can check to see whether Windows Error Reporting is disabled in services.msc

    If not, I would disable it and reboot.

    Chkdsk should also be run on the drive. It may not fix current problems, but may prevent future ones.

    http://www.windows-help-central.com/windows-vista-chkdsk.html

    Once chkdsk reboots the results can be found in the Event Viewer (run: eventvwr.msc in the Applications > Wininit entry. This could be reviewed and uploaded here as a text file

    Finally, post a HijackThis scanlog

    Download and install HijackThis. Run it and select "do a system scan and save the log file". Then copy/paste the contents of the log to a reply

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
     
  5. MaximumWarp

    MaximumWarp Thread Starter

    Joined:
    Apr 22, 2009
    Messages:
    13
    Rollin,

    1. Thanks.

    2. Away from PC (traveling). Will follow your advice and circle back.

    3. One point of clarification. If I successfully disable WER won't I then struggle to diagnose the problem? Should I leave the bugger up (still running chkdsk, etc) then? Or will there still be errors that event viewer will see?

    4. Are you a fan of taking a cheap swing at the fences and resetting winsock? All of the "offending" programs at startup have connectivity functionality.

    Thanks again. I will dig into the problem with the sharp knives.
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    No, WER does little or nothing to diagnose a problem. It just sends feedback to MS and if there is a known issue (usually rare) you will get back a web page with some suggestion such as the fault is occuring with a pariculular vendor driver -- update that.

    But error messages will still be available in the Event Viewer and you can research them independently from there.

    For BSODs, the dumpchecks will still be created as well.

    When you do get continuing errors open the Event Viewer (run eventvwr.msc) and look at the applications and systems logs. You can copy those recent repeating errors and paste an example of each ere.

    You can also individually research some using their Event ID numbers and an additional descriptor at these sites:

    http://www.eventid.net/

    http://www.microsoft.com/technet/support/ee/ee_advanced.aspx

    This last is actually what WER consults in most cases.



    As for Winsock, there is no risk in resetting it other than you may need to reinstall your security program if it uses it. If you want to post an HJT I can tell you if it does.

    Download and install HijackThis. Run it and select "do a system scan and save the log file". Then copy/paste the contents of the log to a reply

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis


    But it's always a good idea to create and test a system restore point before doing so.


    Another thing you might want to try doing is to create a new User Account and log into that. You may be experiencing errors due to registry damage of the User hive and programs associated with it.
     
  7. MaximumWarp

    MaximumWarp Thread Starter

    Joined:
    Apr 22, 2009
    Messages:
    13
    Thank you again for your help.

    Okay here we go...

    1. Problem does not occur in Safe Mode.

    2. I cannot stop Windows Error Reporting Services (Werfault.exe) using services.msc. Returns error 1053 Service did not respond to the start or control request in a timely manner.

    3. I cannot install HiJack This or any other application. Icon spins up and then just dies.

    4. I cannot UNinstall offending programs noted in the WerFault.exe. I receive an error (no code).

    5. Ran Chkdsk and as predicted there were errors (log will be posted below). Notably, deleting corrupt attribute record (128, "") from record segment. There were 7 occurrences.

    6. Comodo continues to update its anti-virus package and its scan found a virus which I quarantined (Heur.pck.pklite32).

    7. I checked the Application logs and the Event ID is 1001 (AppHangB1) for the gazillion Information alerts from Error Reporting. BUT PERHAPS THE BIGGER DEAL, might be the Error Messages from Side by Side (event 78). I'm out of my league.

    8. Reset Winsock and no improvement in problem.


    Check Disk Log

    Level Date and Time Source Event ID Task Category
    Information 4/27/2009 12:22:18 AM Microsoft-Windows-Wininit 1001 None "
    Checking file system on C:
    The type of the file system is NTFS.
    Volume label is HP.
    A disk check has been scheduled.
    Windows will now check the disk.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x62c08e for possibly 0x1 clusters.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x62c08e for possibly 0x1 clusters.
    Some clusters occupied by attribute of type 0x80 and instance tag 0x4
    in file 0x26c8f is already in use.
    Deleting corrupt attribute record (128, """")
    from file record segment 158863.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x640634 for possibly 0x1 clusters.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x640634 for possibly 0x1 clusters.
    Some clusters occupied by attribute of type 0x80 and instance tag 0x4
    in file 0x2df57 is already in use.
    Deleting corrupt attribute record (128, """")
    from file record segment 188247.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x674e4b for possibly 0x3 clusters.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x674e4b for possibly 0x3 clusters.
    Some clusters occupied by attribute of type 0x80 and instance tag 0x4
    in file 0x2e2a1 is already in use.
    Deleting corrupt attribute record (128, """")
    from file record segment 189089.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x62b7e8 for possibly 0x1 clusters.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x62b7e8 for possibly 0x1 clusters.
    Some clusters occupied by attribute of type 0x80 and instance tag 0x4
    in file 0x2e39c is already in use.
    Deleting corrupt attribute record (128, """")
    from file record segment 189340.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x64f117 for possibly 0x1 clusters.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x64f117 for possibly 0x1 clusters.
    Some clusters occupied by attribute of type 0x80 and instance tag 0x4
    in file 0x2e3e0 is already in use.
    Deleting corrupt attribute record (128, """")
    from file record segment 189408.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x519345 for possibly 0x1 clusters.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x519345 for possibly 0x1 clusters.
    Some clusters occupied by attribute of type 0x80 and instance tag 0x4
    in file 0x30215 is already in use.
    Deleting corrupt attribute record (128, """")
    from file record segment 197141.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x64045f for possibly 0x1 clusters.
    Attribute record of type 0x80 and instance tag 0x4 is cross linked
    starting at 0x64045f for possibly 0x1 clusters.
    Some clusters occupied by attribute of type 0x80 and instance tag 0x4
    in file 0x3103a is already in use.
    Deleting corrupt attribute record (128, """")
    from file record segment 200762.
    242496 file records processed.
    1165 large file records processed.
    0 bad file records processed.
    0 EA records processed.
    50 reparse records processed.
    The index bitmap $I30 in file 0x5e2d is incorrect.
    Correcting error in index $I30 for file 24109.
    301536 index entries processed.
    CHKDSK is recovering lost files.
    Recovering orphaned file UP69B5~1 (3204) into directory file 24109.
    Recovering orphaned file update[5] (3204) into directory file 24109.
    Recovering orphaned file ANCAHI~1 (3285) into directory file 24109.
    Recovering orphaned file ANCAHIKE2MCA485N9TCA8ZPINICA1EE3WQCAO9LTCFCA6IG3Z3CAM736AHCADQ9FTRCA5SRRWPCAY38SGECAALAN8HCAE3NX41CA11JL87CA4GOG9ECA4PJOD2CAX0I14ECAMIYQTQCA2LHLMWCACK2MZSCA2JYW29 (3285) into directory file 24109.
    Recovering orphaned file desktop.ini (131329) into directory file 24109.
    Recovering orphaned file 27CAI4~1 (133446) into directory file 24109.
    Recovering orphaned file 27CAI4YTGACAIXLMXKCASOLWB8CA4M9M3VCA4KBM3XCAAK19B8CAURFFS2CA6WPSI3CA03FQBMCALW8TKWCAZB7JQKCAVFSAEYCAHMG9HCCAY7F5XBCACS7FT8CAQWEVEDCAS1VYPBCAHY6D22CA1Q137SCAIH9N6X (133446) into directory file 24109.
    Recovering orphaned file LAYOUT~1 (134487) into directory file 24109.
    Recovering orphaned file Layout[1] (134487) into directory file 24109.
    Recovering orphaned file IDCAEN~1 (135450) into directory file 24109.
    Recovering orphaned file IDCAENPSAECAZMWPYICAL78I3TCA6Z0YWACARYTRYYCAXNLMMWCAJJ6G6ZCAA619YICAZBNWZWCAYIMHZ0CATO6KJ1CAX6I0ROCABYNTR1CA4HHLDRCACSIQD3CAPW0JS8CABJ2K69CASZGGTZCA0PTM8TCAZDMWPY (135450) into directory file 24109.
    Recovering orphaned file KTCA4J~1 (148237) into directory file 24109.
    Recovering orphaned file KTCA4JP01WCA0RP35XCA3KLCZPCA3F8EGKCAL7CA81CA6ULK4ICAO6PV3QCAV93KI3CA56T9VQCAWG0Y54CA4DXLH4CAVTER1WCAEIGU98CAZR9VD7CA1UQTAICAWM5PJPCAKOQGZ3CAHSH2L5CA45RONJCA3SI9IK (148237) into directory file 24109.
    Recovering orphaned file 6PCAZ7~1 (153846) into directory file 24109.
    Recovering orphaned file 6PCAZ73J88CAG6RKWJCADZI9AACAK6685KCAHZT7UPCANAPN0LCAB1G7DACA4NKV4YCAGIXLY2CASO9DT3CA9YOTZJCAHNWS4OCAZYT9TBCA4T3AOICAK7A0DJCAGATOYWCA5HCCWDCAHFNX0QCA0UOP7RCAWMHBCG (153846) into directory file 24109.
    Recovering orphaned file U2CA7W~1 (154240) into directory file 24109.
    Recovering orphaned file U2CA7W3SELCACG2LHNCA8UNZD1CAXZF0KFCARZZKP7CAM7AINICA84H3OLCA1RETIQCAAFLQAHCASGD18UCAO6OA0JCAMSF9A8CAYSKS7ICA0BWRAACAO05K7SCAEQLF6NCA5SM10HCAN887LACAITD38ZCAR19NWW (154240) into directory file 24109.
    Recovering orphaned file HWCALD~1 (154324) into directory file 24109.
    Recovering orphaned file HWCALD967DCACF0YUOCAVXXCSYCAWXLZBUCAHLTOU7CAK2UK2TCAXSAEYTCA0AI23JCAEJHHOACA8LX32UCAR1GOXCCABTQAN7CA2RLXQ3CAYQ3XBFCA303MU2CA4X4TKDCADMKOI6CA8FIFVXCAIYB6M1CAQ35FGG (154324) into directory file 24109.
    Recovering orphaned file JYCA2F~1 (154693) into directory file 24109.
    Recovering orphaned file JYCA2FE2MECAF1KFDLCAVJ5FIRCAQ2D093CAVVQ0QFCAXIUVL6CA8L1JHQCAYVN7I3CAO7MSU3CA8CXPFSCAWPN7T8CAYK9JIZCAC49XAGCAA08SLJCAM4OJ6LCAD1N86XCA6UXBBICA0GLHVACAUB9S43CAR1L0G9 (154693) into directory file 24109.
    Recovering orphaned file 3NCADN~1 (155451) into directory file 24109.
    Recovering orphaned file 3NCADNDCXGCAU89ZILCAETYDKBCAMJMS80CARKTDB1CAGU7TLUCA3NAWNLCA84ZD3ICA8EKTBZCA5J1ZX9CASJ4KZ2CASC1B9YCAE4571FCADUG8M0CA8QWCQ5CA40G88OCAOIQF9ACAVHEG6ECA5GX8CECARAUJQK (155451) into directory file 24109.
    Recovering orphaned file UYCATO~1 (157463) into directory file 24109.
    Recovering orphaned file UYCATOJ4GBCAAM3OFYCA7PIN9BCADADC6LCA6HVO65CA55HVRLCAKH10H6CAPVNSUHCAZHDNMOCAL4LGNJCAQUNWXACAVL9XEVCAR2JW3ICAT42IBLCAHMMOTHCAULA4J5CAXZCMF9CAE1RW6ICAZ8OU9MCA3V4XVB (157463) into directory file 24109.
    Recovering orphaned file FAVICO~1.ICO (158863) into directory file 24109.
    Recovering orphaned file favicon[1].ico (158863) into directory file 24109.
    Recovering orphaned file UPDATE~1 (177568) into directory file 24109.
    Recovering orphaned file update[1] (177568) into directory file 24109.
    Recovering orphaned file UPDATE~2 (177762) into directory file 24109.
    Recovering orphaned file update[2] (177762) into directory file 24109.
    Recovering orphaned file V6CA3N~1 (177950) into directory file 24109.
    Recovering orphaned file V6CA3NHLB8CA43TB8BCA1YVPVKCA72ME8KCAIEOEDGCA5F4411CACUH118CAAW9LBDCA9PHZ55CAQKF4HSCA5SQTQQCAV2030PCAZVXBQECACVET3UCAB7YQSCCAJQK8FVCAJBYXN4CAMUN952CAZ90PLJCA2UDUVT (177950) into directory file 24109.
    Recovering orphaned file UP89B5~1 (178427) into directory file 24109.
    Recovering orphaned file update[9] (178427) into directory file 24109.
    Recovering orphaned file B7CAXJ~1 (179954) into directory file 24109.
    Recovering orphaned file B7CAXJPMKVCAP6NY0VCA7PS8LRCANHVY14CA8E2N4GCAL3N7OACA3GQVRFCAEDDSKOCAP2U9U6CABLO3HACAXUW61ZCA1BBA7BCACUD1VWCANPRBP7CA49RBPFCAEFTCOJCATAII68CANF9AI6CATLLBFMCA6WLA33 (179954) into directory file 24109.
    Recovering orphaned file FOCAEP~1 (180466) into directory file 24109.
    Recovering orphaned file FOCAEPS70YCALX5P5HCA0JK88TCA37AKJJCAJ1IXMHCAY7FQOVCAANJVJ0CAQN2E9VCAL1BKSGCA8ASOUTCA9WLVCACAGCRD56CAZ0OK8MCAO98RPKCATKUYCBCAJ8RTMGCAW14G8JCAN5DJFPCACISS2RCAIUKJ9B (180466) into directory file 24109.
    Recovering orphaned file UVCAO7~1 (180472) into directory file 24109.
    Recovering orphaned file UVCAO76UW0CAL9HENFCA8C9PJUCAHZJEZXCAKM5YSNCAVKTVFMCAQ4LMRNCAKZEG53CA15X8T7CAGF5BJQCAJ1XZZ9CAW0MQT8CASKEI6HCA0CKRD2CAEK1V7XCA5VVJ1ACAKBF8ATCANIDC4SCAB8FGFSCA5E5EL2 (180472) into directory file 24109.
    Recovering orphaned file 061-45~1.DIS (183189) into directory file 24109.
    Recovering orphaned file 061-4512.English[1].dist (183189) into directory file 24109.
    Recovering orphaned file 061-46~1.DIS (183823) into directory file 24109.
    Recovering orphaned file 061-4609.English[1].dist (183823) into directory file 24109.
    Recovering orphaned file 061-57~1.DIS (186984) into directory file 24109.
    Recovering orphaned file 061-5797.English[1].dist (186984) into directory file 24109.
    Recovering orphaned file 061-58~1.DIS (187778) into directory file 24109.
    Recovering orphaned file 061-5815.English[1].dist (187778) into directory file 24109.
    Recovering orphaned file FUCA8G~1 (187888) into directory file 24109.
    Recovering orphaned file FUCA8GKKBYCAM4SNCPCAIAPEJJCA8C28D4CAL21NVDCAL7HSDTCA00GE6LCAP3T3O4CAG0D68ZCA9300G1CAAW0ST3CABOP8S3CA4B5CV6CA2DND2CCADPEQMKCAXTO6B2CA3CFYVGCA0H3OEACAUXNP4VCA3DDAWW (187888) into directory file 24109.
    Recovering orphaned file DPCA91~1 (187897) into directory file 24109.
    Recovering orphaned file DPCA91NT4UCA3LJMK8CAWW2V2XCA41RMZYCA0BTJJMCAREDSGPCAXLHIV7CANRKYA8CAHY4P2CCA3DKU07CAD2RG28CA72UFL5CA9MFYJFCAR8HU46CAW4DAKJCA1ZAEJ1CAZYA1S8CAMO29CRCAY3KK6MCAYNBWO7 (187897) into directory file 24109.
    Recovering orphaned file 3CCAWW~1 (187903) into directory file 24109.
    Recovering orphaned file 3CCAWWC68CCA720C74CAI7A2J2CARNXLYUCA5VEIAZCA1TRAS2CADNM8ZCCA3NZAUICAEY2RXKCAZ9ZY49CA4EYXTOCANYPGNNCAXCPLIYCA9YHG12CALG223ZCA9WYRBHCAQYL3PICA5IJI1ACA3BU96JCA3I0MAV (187903) into directory file 24109.
    Recovering orphaned file KSCAX1~1 (187953) into directory file 24109.
    Recovering orphaned file KSCAX1MWZ8CAQWK1OKCA8X98NFCA8YJ9UYCAVTA518CA0PEMMSCAUUVYEPCAIZQT1RCA0G53A7CAOM431HCAT1GU4RCAP46HRRCALOCYNZCA8DHW19CA0T6FAPCAXONFJ3CAZGHB1OCA0ZL73OCAZU1K7FCARRZ574 (187953) into directory file 24109.
    Recovering orphaned file G8CAS3~1 (188004) into directory file 24109.
    Recovering orphaned file G8CAS3L5PJCA2VKSOBCAKYR523CA11JXV3CAWKLVPPCA52MBT1CA30MFTHCA7ZEWT5CAHF3VNKCA152RBICARV03XCCAP0JMO6CAVXX9AJCA6JD35FCAPLHTGBCAM72TV7CAVJ217XCAKN4LR7CAI2W9NRCAYJVHOA (188004) into directory file 24109.
    Recovering orphaned file UP79BD~1 (188044) into directory file 24109.
    Recovering orphaned file update[6] (188044) into directory file 24109.
    Recovering orphaned file E5CAD9~1 (188103) into directory file 24109.
    Recovering orphaned file E5CAD92WG7CAP6J3NBCA3AE8HTCAIW3RT3CACU3PS3CAAXR8FHCAQ25BFJCAPBCDDACAUUF14ECAG1NU0ZCAFB11XNCAAIBWFBCAAGEHFMCAT46VL5CAN5S98NCAE7TSI0CAK3ITYTCAABWC3GCASY99D7CAH0XGQK (188103) into directory file 24109.
    Recovering orphaned file OJCAQ8~1 (188133) into directory file 24109.
    Recovering orphaned file OJCAQ8J9L7CANRO83HCAH8ITT7CAXKT91CCAWQF9YOCASP5559CAPGPA17CAOQIBI7CA3XT4BVCA3VPL8PCAFAHCN6CAJZNV2UCAI19HRSCAY6Z8HLCAS3JGB5CAP1FL1ZCAVBCRFXCAQU35ZKCAE1J520CAFBYDFZ (188133) into directory file 24109.
    Recovering orphaned file UPDATE~3 (188160) into directory file 24109.
    Recovering orphaned file update[3] (188160) into directory file 24109.
    Recovering orphaned file UP1FE2~1 (188236) into directory file 24109.
    Recovering orphaned file update[10] (188236) into directory file 24109.
    Recovering orphaned file UP1FF2~1 (188247) into directory file 24109.
    Recovering orphaned file update[11] (188247) into directory file 24109.
    Recovering orphaned file e (188253) into directory file 24109.
    Recovering orphaned file update (188254) into directory file 24109.
    Recovering orphaned file UPDATE~4 (188276) into directory file 24109.
    Recovering orphaned file update[4] (188276) into directory file 24109.
    Recovering orphaned file UP79B5~1 (188280) into directory file 24109.
    Recovering orphaned file update[7] (188280) into directory file 24109.
    Recovering orphaned file UP89BD~1 (188308) into directory file 24109.
    Recovering orphaned file update[8] (188308) into directory file 24109.
    Recovering orphaned file 9LCAGM~1 (188647) into directory file 24109.
    Recovering orphaned file 9LCAGMZ3Q8CA3JDTS6CAML0Y7ACA5JIH90CA7O0POICAZOA36PCA6V2LBECAMJJIEYCABZ40THCA72HW7JCAZ3BFK8CADHO6JVCAF4XONGCAMK2SS8CA1CIDGACA5YWCG6CAVJJ66GCA4V8DL9CAFCAQ6CCAEFBVV4 (188647) into directory file 24109.
    Recovering orphaned file 8KCA12~1 (188735) into directory file 24109.
    Recovering orphaned file 8KCA12LQRBCAO94LKKCAL83FQ8CABJSACQCALNKS0DCA9M1R9SCA34Q41YCANVL2FZCA2CQSV8CAZ6JVTSCANV5GAOCAZHIN3KCAUADR4GCAKKZBMLCA5C32EBCAH0I5JUCADHTHP1CAQ7ZYLBCAIAHWAMCAQG9R73 (188735) into directory file 24109.
    Recovering orphaned file 1NCAET~1 (188742) into directory file 24109.
    Recovering orphaned file 1NCAETDU9VCA23WL63CAQMC44HCARGAZX0CAQWKA7JCASBOJRFCA2JUL7ICAQ6N1C6CAQI6V3GCAJAXA2NCAC96YDZCASCPN04CAW0GOYICAORM6XNCAQ8WOQSCA5NRQ32CAIUY1BMCAGL1LN8CAT176I4CAL04RVC (188742) into directory file 24109.
    Recovering orphaned file V4CAEA~1 (188989) into directory file 24109.
    Recovering orphaned file V4CAEATGO8CANYGTXVCA9M9KGZCANW5VFQCAZVRDUTCAOVPYUICAS08GGXCA1P5YXWCA1L611ICAKE1HM5CANRTWUUCA20Q29PCAI7YEU9CA0Q2R18CAEOITCJCASG34NECAY2BOA8CAPCA90XCAAZAY5YCACNKWAU (188989) into directory file 24109.
    Recovering orphaned file ANCADT~1 (189040) into directory file 24109.
    Recovering orphaned file ANCADTZRZ7CAV82YW1CA7BZOXCCAJJQ1VLCAR2O1XXCA3KX37CCAJ9D3GTCAQ4B6BECASJWPH5CAMKMXB3CAMO1IQ6CAX2XN00CA7UAWDACASNWQ1SCA4Y362HCAHA45DQCA0CUO5OCAUAR661CA3I0VJLCA9OHZR4 (189040) into directory file 24109.
    Recovering orphaned file v4[5] (189080) into directory file 3249.
    Recovering orphaned file v4[6] (189092) into directory file 3249.
    Recovering orphaned file v4[7] (189104) into directory file 3249.
    Recovering orphaned file v4[8] (189116) into directory file 3249.
    Recovering orphaned file v4[9] (189128) into directory file 3249.
    Recovering orphaned file v4[4].htm (189268) into directory file 3249.
    Recovering orphaned file v4[5].htm (189304) into directory file 3249.
    Recovering orphaned file v4[6].htm (189340) into directory file 3249.
    Recovering orphaned file v4[7].htm (189368) into directory file 3249.
    Recovering orphaned file v4[8].htm (189408) into directory file 3249.
    Recovering orphaned file DCCASU~1 (194601) into directory file 24109.
    Recovering orphaned file DCCASUP5E4CAV9NGRBCAWTCFMFCAFYVMOOCAXWSGE7CAR6MV8UCAE1BX9ICAPEH71SCAHQCP6JCAVKZIZICAPY7GE8CAWOD3V4CAJT4PGLCA4D28VHCAEM0GJ4CALBZP4PCAY017W1CARJSCHXCAIFBFM6CARCNVAI (194601) into directory file 24109.
    Recovering orphaned file FAVICO~2.ICO (195657) into directory file 24109.
    Recovering orphaned file favicon[2].ico (195657) into directory file 24109.
    Recovering orphaned file VMCAJW7C1ICAA2FH1ICAT9LOELCAY20K9ECAKY136YCA89RM20CANBGA64CAA93BFQCAEG2KHDCA7OYGJ4CAP7OTA7CAWTRARYCAEH6IATCA64CC2ICAVJFKMRCA8C7CXGCAWYO73UCA85X1CQCAHGOQ3SCAK8M8IJ (195939) into directory file 24109.
    Recovering orphaned file D6CAWQ~1 (195949) into directory file 24109.
    Recovering orphaned file D6CAWQ821QCAQGGJTOCAU9LUE8CA4352YFCAMPVJGWCA6W4STFCACSB2LFCA0NDTQCCA1GT3WWCAZ0RKHUCA2O2ACMCANLLRNICASXX4Z0CAZ9I9S9CAN53I2YCAS1PTYRCARD9KBXCABWA3HXCAMALFTGCAY86POC (195949) into directory file 24109.
    Recovering orphaned file UPCA7G~1 (195956) into directory file 24109.
    Recovering orphaned file UPCA7G0103CAQ9ZCH6CAN1MNT8CA277O6KCANH6YKACAENBNXACAVRF3QRCASSXIV2CAJ02Y5QCARPQEZLCA5B9DNBCAU582AXCAW4AN7WCADFDTROCA2OMQ25CA1NSUMFCA13VCGZCABQUHQLCA77YYCYCAF043N5 (195956) into directory file 24109.
    Recovering orphaned file A2CACZ~1 (196057) into directory file 24109.
    Recovering orphaned file A2CACZPY11CAQC8Y01CAUC36HKCAC3WB8HCA201041CAL16MYZCA9Q4G8HCAHOLETDCAPOCXDWCAHS1E33CA1NT1ARCA9LPQ2WCA3X0V39CAV0C7CBCANHFB0SCAJTEU1BCA1F1FK2CA2DLJ49CA5AEURWCACWGNR1 (196057) into directory file 24109.
    Recovering orphaned file 7CCAO4~1 (196061) into directory fil"


    Errors from Side By Side

    Level Date and Time Source Event ID Task Category
    Error 4/1/2009 12:14:57 PM SideBySide 78 None "Activation context generation failed for ""C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe"".Error in manifest or policy file """" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest."
     
  8. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Can you set to disabled WER when in Safe Mode or open or uninstall any affected program from Safe Mode?

    And if the problems did not occur in Safe Mode you need to begin with a Clean Boot and test there >>

    http://support.microsoft.com/kb/929135 << written for Vista but apples equally to XP

    That's a lot of drive corruption and we don't really know what was affected.

    For system files you might try booting in Safe Mode and running sfc /scannow

    And if you go to Folder Options > View and temporarily remove the check hiding protected and system files -- you should be able to locate folders that chkdsk has left on the root drive identified as "Foundnnn" where''nnn' is a number.

    These are fragments of files that chkdsk has saved. You will be able to see some of them identified, but they cannot be used.
     
  9. MaximumWarp

    MaximumWarp Thread Starter

    Joined:
    Apr 22, 2009
    Messages:
    13
    Late breaking update....

    I disabled all services using MSCONFIG (including startup) and rebooted. I did not receive Werfault Application Error messages but I also couldn't run any applications. When I checked Task Manager, specifically Processes, I found hundreds of Werfault.exe processes running (and more being loaded as I watched). The CPU utilization was steady at 38% (rather high).
     
  10. MaximumWarp

    MaximumWarp Thread Starter

    Joined:
    Apr 22, 2009
    Messages:
    13
    Late breaking update....

    I disabled all services using MSCONFIG (including startup) and rebooted. I did not receive Werfault Application Error messages but I also couldn't run any applications. When I checked Task Manager, specifically Processes, I found hundreds of Werfault.exe processes running (and more being loaded as I watched). The CPU utilization was steady at 38% (rather high).
     
  11. MaximumWarp

    MaximumWarp Thread Starter

    Joined:
    Apr 22, 2009
    Messages:
    13
    1. Yes, I can indeed uninstall and install programs in safe mode. Took out Daemon Tools and added HijackThis and AVG (for another look at malware). Me stupid. Me very, very stupid. I appreciate your patience even more now.

    2. With services disabled and booting in safe mode, I can get Windows Error Reporting to stand the bleep down. No processes. No warning messages. Nada. Me likey (sorry...stuck on a theme).

    3. Hijack This log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:43:55 PM, on 4/28/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Safe mode with network support
    Running processes:
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files (x86)\AVG\AVG8\avgtray.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] "C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\EPSON\Creativity Suite\Event Manager\EEventManager.exe"
    O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio Creator 2009\5.0\CPMonitor.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
    O4 - HKLM\..\Run: [BrStsWnd] "C:\Program Files (x86)\Brownie\BrstsW64.exe" Autorun
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: NETGEAR WN111 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WN111\wn111.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://myed-nc-alt.wachovia.com/dana-cached/sc/JuniperSetupClient.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
    O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files (x86)\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
    O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
    O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
    O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
    --
    End of file - 11627 bytes
     
  12. MaximumWarp

    MaximumWarp Thread Starter

    Joined:
    Apr 22, 2009
    Messages:
    13
    Have some goodies here but perhaps too much (30 Meg)?

    This particular error got a LOT of repetition.

    27, Info CSI 00000006 IAdvancedInstallerAwareStore_ResolvePendingTransactions call 1 loaded 125 (0x000000000000007d) pending advanced installer operations
    2009-04-22 13:47:27, Error CSI 00000007@2009/4/22:17:47:27.816 (F) d:\rtm\base\wcp\identity\id_authority.cpp(291): Error STATUS_INVALID_PARAMETER originated in function Windows::Identity::Rtl::Implementation::CRtlIdentityAuthority::IRtlIdentityAuthority_Format expression: Not-null check failed: Identity
    [gle=0x80004005]
    2009-04-22 13:47:36, Error CSI 00000008 (F) E_INVALIDARG #105# from Windows::COM::CComponentStore_IAdvancedInstallerAwareStore::ResolvePendingTransactions(dwFlags = (RollbackOnFailure|DontFailIfPrimitivesPending|IndicatePrimitiveRollback), Progress = NULL, Phase = 0, Disposition = (unknown enumerant 0)[3]" | "0)[gle=0x80070057]
    2009-04-22 13:47:36, Error CBS Startup: Failed to process advanced operation queue, startupPhase: 0. hr: 0x80070057
    2009-04-22 13:47:36, Info
     
  13. MaximumWarp

    MaximumWarp Thread Starter

    Joined:
    Apr 22, 2009
    Messages:
    13
    1. In normal mode, the machine boots clean with no Werfault.exe application messages and no Werfault.exe processes. All services are enabled EXCEPT 3 under the Startup tab that were previously displayed as Werfault.exe errors (I will experiment here).

    2. The problem, in NORMAL mode, is that I CANNOT launch any applications. In event viewer I found 3 SidebySide (event id 78) errors which I looked up (and I'll be damned if I understand the explanation).

    3. In Safe mode, I can run applications without restriction.

    Progress I think! Ideas?
     
  14. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Ok, first the idea is not to disable ALL services in a Clean Boot, just all NON Microsoft services other than WER, When you disable all services you not only flush your System Restore points, but there is at least one critical service that must be left enabled, Remote Procedure Call.

    Anyway, the job from there is to re-enable startups and services in small groups to see which specific ones are causing problems.

    I don't see any malware or other issues in the HJT log.

    If you are trying to ferret out answers to Event Viewer messages, the only way to do it is to research them on EventID.net or on the MS site I posted links to.

    Many, if not most, can be ignored.


    Not sure what to make of those SFC /scannow reports; it sounds like something was in the process of being installed or uninstalled, but not completed (reboot required) when you ran it.


    Did you have some specific problem with "Sidebar", if so, just use MSconfig to disable the entries using it.
     
  15. MaximumWarp

    MaximumWarp Thread Starter

    Joined:
    Apr 22, 2009
    Messages:
    13
    No, I understood the approach. I disabled non-MS stuff. We're good.

    Everything is enabled now but 3 applications that were explicitly named by Werfault on bootup. I plan to test Normal mode with everything enabled shortly.

    I can run everything in Safe Mode. No warning messages.

    I still cannot run any application in Normal Mode (but no WerFault messages at least). Applications just die out.

    Any suggestions?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads
  1. Goldy
    Replies:
    0
    Views:
    262
  2. cokeymarie
    Replies:
    1
    Views:
    326
  3. xbill
    Replies:
    3
    Views:
    559
  4. jedigene
    Replies:
    0
    Views:
    522
  5. TalRazMob
    Replies:
    0
    Views:
    476
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/820983