Thread: Spoolsv.exe problem - Continued
View Single Post
  #6  
Old July 16th 08, 01:49 PM posted to microsoft.public.windowsxp.help_and_support
Bob - Fort Worth
external usenet poster
  
Posts: 11
Default Spoolsv.exe problem - Continued
First Question:
My system has RPC as a dependency for the Spooler but NOT DCOM.
Should I add it? At boot time, as I watch the events as they occur on the
event log, I don't remember exactly when DCOM finally connected in relation
to when the Spool File Start command is issued, however, there are three
attempts to restart the Spooler (approx.10 mins total elapsed) I'm positive
the DCOM was OK by the time all three attempts completed. They all fail.

I have read and/or executed everything in the Knowledge Base.
308028, 314085, 314876, 324757, 919750

Here's my problem with 919750.
I'm at SR-3 where I think spoolsv.exe and spoolss.dll were modified (both
are now dated 4/13/2005).
As you and I discussed in a previous post .. when either of these two
processes is renamed, it is immediately replaced by another copy dtd.
4/13/2008 (makes 919750 inoperative). (This is not readily apparent unless
you are watching for it since the replacement does not immediately appear on
the file listing (it's added at the end of the list). I have figured out
how to prevent that immediate replacement but have been reluctant to try
since I am not sure which versions to revert to. Selection set includes:
8/29/2002 , 8/4/2004 (complicated by an update KB896423 dtd. 6/10/200), and
9/3/2002 (the date on the files on my original CD).

I know this is very detailed and tedious to get through. Sorry, I couldnt
think of a way to shorten it.
I hope it is clear enough.

Regards,

Bob - Fort Worth


"The Real Truth MVP" wrote:

Sorry, you said you already tried that. Check your RPC and Dcom services see
if they are running as they are dependencies.

--
Ignore posts made by the person called Leythos, he is a stalker who's been
obsessed with me for years ever since I spurned his advances towards me.




"The Real Truth MVP" wrote in message
news
Follow the steps listed here, If you do not have a Lexmark printer then
start at number 4
http://support.microsoft.com/kb/324757


--
Ignore posts made by the person called Leythos, he is a stalker who's been
obsessed with me for years ever since I spurned his advances towards me.




"Bob - Fort Worth" wrote in
message ...
I have tried everything suggested to resolve this problem and have made no
progress. I am pasting in a HiJack Log if someone might have the time
to
look it over and give me a hand.

I have a Dr. Waston Log but it's too big to include here. I can e-mail
it
on request.


Thanks in advance for your help.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:05 PM, on 7/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://red.clientapps.yahoo.com/cust....com/search/ie.

html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://dsl.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://red.clientapps.yahoo.com/cust....com/search/ie.

html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings,ProxyOverride = 127.0.0.1
F3 - REG:win.ini: load=
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program

Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
C:\Program

Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program

files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\3.0.1225.9868\s wg.dll
O2 - BHO: (no name) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - (no file)
O3 - Toolbar: &Yahoo! Companion -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program

Files\Yahoo!\common\ycomp5_1_6_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program

files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor -
{0BF43445-2F28-4351-9252-17FE6E806AA0} -
C:\Program

Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD
Creator

5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program
Files\Google\Gmail

Notifier\gnotify.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch
Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\QTTask.exe"
-atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program
Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program
Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program
Files\Uniblue\RegistryBooster

2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program
Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program

Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program

Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program

Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\Program

Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AT&T Yahoo! Services -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
(no
file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Cribbage -
http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dominoes -
http://origin.games.yahoo.net/games/...s/y/dot9_x.cab
O16 - DPF: Yahoo! Klondike Solitaire -
http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong Solitaire -
http://download.games.yahoo.com/game.../y/mjst3_x.cab
O16 - DPF: Yahoo! Pyramids -
http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX
Scan
Agent 6.6) -

http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory
Class) -

http://www.amiuptodate.com/vsc/bin/1...datePortal.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsof...cab?1197125098

343
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) -

http://www.hp.com/cpso-support-new/S...dObjSigned.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX
Control) -

http://www.trendsecure.com/easy_inst...syInstallX.CAB
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} -

http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program
Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: BITS - C:\WINDOWS\
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -
C:\Program

Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program
Files\Common
Files\Apple\Mobile

Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google
Ads