COM Error crashes computer when trying to email



#31
shorthaul99

Also check
Multimedia Class Scheduler Service

Is it running?

 

No, it's not running but it is set to start automatically.

 

 

 

FRST LOG:

 

 

 

Farbar Recovery Scan Tool (x64) Version: 19-11-2017
Ran by JB (21-11-2017 10:27:56)
Running from C:\Users\JB\Desktop
Boot Mode: Normal

================== Search Files: "iesysprep.dll" =============

C:\Windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.7601.17514_none_3853caf38f4097bb\iesysprep.dll
[2010-11-20 21:25][2010-11-20 21:25] 000114688 _____ (Microsoft Corporation) 3F0C0726F7C24E852D1590ABE721877D [File is digitally signed]

C:\Windows\winsxs\wow64_microsoft-windows-ie-sysprep_31bf3856ad364e35_11.2.9600.16428_none_083dd731036b79d4\iesysprep.dll
[2016-12-16 19:13][2016-02-18 13:49] 000105984 _____ (Microsoft Corporation) 0FBEBD36FEFFEE5AF25FDAEE5E35EE99 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.7600.16385_none_924152af4aaf8557\iesysprep.dll
[2009-07-13 17:58][2009-07-13 19:41] 000138240 _____ (Microsoft Corporation) 601967E0B6C921E1077CBCC18CE46B5F [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-ie-sysprep_31bf3856ad364e35_11.2.9600.16428_none_fde92cdecf0ab7d9\iesysprep.dll
[2016-12-10 21:04][2016-02-18 13:49] 000105984 _____ (Microsoft Corporation) 0FBEBD36FEFFEE5AF25FDAEE5E35EE99 [File is digitally signed]

C:\Windows\SysWOW64\iesysprep.dll
[2013-12-03 19:01][2016-02-18 13:49] 000086016 _____ (Microsoft Corporation) 83F49FD1BC0A999B006D564C540C7258 [File is digitally signed]

C:\Windows\System32\iesysprep.dll
[2013-12-03 19:01][2016-02-18 13:49] 000105984 _____ (Microsoft Corporation) 0FBEBD36FEFFEE5AF25FDAEE5E35EE99 [File is digitally signed]

C:\SFCFix\Backups\C\windows\winsxs\wow64_microsoft-windows-ie-sysprep_31bf3856ad364e35_11.2.9600.16428_none_083dd731036b79d4\iesysprep.dll
[2017-11-17 23:52][2016-02-18 13:49] 000105984 _____ (Microsoft Corporation) 0FBEBD36FEFFEE5AF25FDAEE5E35EE99 [File is digitally signed]

====== End of Search ======

 

 

 

See if the procedure on https://technet.micr...2(v=ws.10).aspx works.

 

 

 

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.

C:\windows\system32>net accounts
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        WORKSTATION
The command completed successfully.

C:\windows\system32>

 

 

 

 

Log: 'System' Date/Time: 18/11/2017 6:35:21 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error:  The authentication service is unknown.

 

Try this:

 

http://www.howtonetw...ebuildipsec.htm

 

 

There was nothing in the registry of the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\IPsec\Policy\Local, so I went to "Click Start, click Run, type regsvr32 polstore.dll, and then click OK" and got this error:

 

 

RegKey2.jpg

 

 

 

 

OK REBOOTING AND POSTING NOW SO I DON'T LOSE MY WORK SO FAR. VEW logs coming after reboot...

 

 

 




#32
RKinner


Also check
Multimedia Class Scheduler Service

Is it running?

 

No, it's not running but it is set to start automatically.

 

 

Will it start if you tell it to?  Does it give you an error?



#33
shorthaul99


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/11/2017 11:01:09 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/11/2017 4:59:47 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

 

 

 

 

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/11/2017 11:03:03 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/11/2017 4:59:48 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

 

 



#34
shorthaul99


 

Also check
Multimedia Class Scheduler Service

Is it running?

 

No, it's not running but it is set to start automatically.

 

 

Will it start if you tell it to?  Does it give you an error?

 

 

I just checked services and after the reboot, it's now up and running.



#35
RKinner


Looks better.  Now if only Kaspersky would get their act together.  Assume you do have the latest version?  Have you asked on their forum about the registry key problem?



#36
shorthaul99


No sir. I was only following your advice to the tee until further notice. I try not to have too many irons in the fire and undermine any progress we make together. I will post it on their forum now.

