
Topics - RaveRocks

1
User Submitted Repair Guides / FIX: 1083 Error
« on: October 16, 2015, 07:02:10 PM »
Svchost is a multi-purpose tool that Windows uses to run services inside of an Explorer session. It accepts multiple command line switches that define the service's Network rights, among others.  Each service has its own interior rules of what it expects from the session manager. At run time, when a service is first loaded, svchost validates the request by checking the received command line switch against a list of acceptable services.  If the service is not listed for that level of rights or is missing, a 1083 error is displayed in the Admin error logs.  Any service that depends on a (1083)'d service will register a 1068 error and in some cases a 1053 error.

--------------------------work-in-progress--------------------------------------------------
(note: The following information MAY have errors and/or omissions. I welcome other Vista Home Premium SP2 owners to compare notes and post their findings.)

Windows Vista stores the details of each service at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services

Many of the listed services are not loaded by svchost, but all services that are loaded by svchost can be found here with the imagepath field showing the command line switch that will be used whenever that service is called via svchost.

The following is a list of services as called by the specified command line in Windows Vista Home Premium SP2 32bit.

svchost -k netsvcs AeLookupSvc AppInfo Bits Browser CertPropSvc EapHost hkmsvc IKEEXT iphlpsvc LanmanServer MMCSS MSISCSI ProfSvc RasAuto RasMan RemoteAccess Schedule ScPolicySVC Seclogon SENS SessionEnv SharedAccess ShellHWDetection Themes Wercplsupport winmgmt wuauserv

svchost -k LocalService Eventsystem fdPhost FDResPub LanmanWorkStation lltdsvc netprofm nsi QWAVE ScardSvr SLUINotify SSDEOSRV SstpSvc TBS THREADORDER upnphost W32Time wcncSvc Webclient WinHttpAutoProxySvc

svchost -k LocalServiceNetworkRestricted Audiosrv Dhcp EMDMgmt Eventlog lmhosts p2pimsvc p2psvc PNRPAutoReg PNRPSvc WdiSystemHost WPCSvc WSCSvc

svchost -k LocalSystemNetworkRestricted AudioEndpointBuilder dot3svc hidserv IPBusEnum Netman PcaSvc SysMain TabletInputService TrkWks UxSms Wlansvc WPDBusEnum wudfsvc

svchost -k LocalServiceNoNetwork BFE DPS ehstart MpsSvc pla

svchost -k NetworkService CryptSvc Dnscache KtmRm napagent NlaSvc TapiSrv TermService Wecsvc WinRm

svchost -k NetworkServiceNetworkRestricted PolicyAgent

svchost -k WerSvcGroup Wersvc

svchost -k DcomLaunch DcomLaunch PlugPlay

svchost -k GPSvcGroup gpsvc

svchost -k Regsvc RemoteRegistry

svchost -k rpcss RpcSs

svchost -k termsvcs TermService

svchost -k secsvcs WinDefend

svchost -k scssvc WcsPluginService

svchost -k LocalServiceAndNoImpersonation Fontcache

--------------------------------------------------------------------------------

Windows Vista stores a Validation list in the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SvcHost.  Here you'll find an entry for each possible command line switch and each entry contains a multi-string list of the valid services that will be permitted to use the security clearance automatically given to services run under that category.

Since this is the area of the registry that may be damaged most often by either programming mistakes or malicious intent, this is the registry point that MUST rubber-stamp the rules outlined in the System\CurrentControlSet\Services entries as listed above.  If wanting a total solution, each service must have a valid entry in both areas.  If a user mucks with a Service's network rights thus changing the standard and expected set of rules for that service, other errors will be sure to follow.  I haven't experimented to see if Windows would automatically place a validating entry in Svchost's list when you changed a service's rights. And now that I've got my machine working again, I don't want to experiment.


==== edit 01 ====

Moved EMDMgmt (Readyboost Service) from LocalSystemNetworkRestricted to LocalServiceNetworkRestricted
Removed RemoteRegistry from the LocalService category; RemoteRegistry already loaded with - regsvc command line switch.
Configured Threadorder to start as a LocalService (was configured as LocalSystem)
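
The cross-check described in this guide, as an added example that is not part of the original post: a read-only PowerShell script that takes the `-k` group from each service's ImagePath and reports services missing from the matching SvcHost validation entry. The function names `Get-SvchostGroup` and `Compare-SvchostRegistration` are illustrative; the two registry paths are the ones named above.

```powershell
# Added example (read-only): nothing in the registry is modified.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$svchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'

function Get-SvchostGroup([string]$ImagePath) {
    # Return the group named after "-k" in a svchost ImagePath, or $null for any other image.
    if ($ImagePath -match '(?i)svchost(\.exe)?"?\s.*?-k\s+"?([^\s"]+)') { return $Matches[2] }
    return $null
}

function Compare-SvchostRegistration {
    param([hashtable]$ServiceGroups,    # service name -> group taken from ImagePath
          [hashtable]$ValidationList)   # group name   -> string[] of permitted services
    foreach ($svc in ($ServiceGroups.Keys | Sort-Object)) {
        $group = $ServiceGroups[$svc]
        if (-not $ValidationList.ContainsKey($group)) {
            $status = 'GroupMissing'    # no validation entry at all for this -k switch
        } elseif ($ValidationList[$group] -notcontains $svc) {
            $status = 'NotListed'       # entry exists but does not name this service
        } else {
            $status = 'OK'
        }
        New-Object PSObject -Property @{ Service = $svc; Group = $group; Status = $status }
    }
}

# Collect the group each service asks for (only svchost-hosted services are kept).
$serviceGroups = @{}
foreach ($key in Get-ChildItem $servicesKey) {
    $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    $group = Get-SvchostGroup $props.ImagePath
    if ($group) { $serviceGroups[$key.PSChildName] = $group }
}

# Collect the validation list: one multi-string value per group.
$validationList = @{}
$svchost = Get-Item $svchostKey
foreach ($name in $svchost.GetValueNames()) {
    if ($svchost.GetValueKind($name) -eq 'MultiString') {
        $validationList[$name] = $svchost.GetValue($name)
    }
}

# Show only the mismatches; these are the candidates for the 1083 error.
Compare-SvchostRegistration $serviceGroups $validationList |
    Where-Object { $_.Status -ne 'OK' } |
    Format-Table Service, Group, Status -AutoSize
```

Run it from an elevated PowerShell prompt; an empty table means every svchost-hosted service is named in the validation entry for its group.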


2
I've downloaded the newly posted update today and attempted to install it.  Except for a brief cursor change to show a short spurt of activity, nothing happened. I've done a search for any files with the word 'tweaking' and found no new files added today except for the tweaking.com_windows_repair_aio_setup.exe file.

I'm not sure how to proceed.

---- edit 01 ----

I downloaded the portable version, unzipped and ran the full sequence in safe mode.  Rebooted and much the same errors appeared (User Profile Service not available and still no sound system).  While the repairs were running I noticed some strange errors because of extra extra extra long file paths, so I want to have a look at the log files to see if I can see what was happening.  More later tonight.

---- edit 02 ----

I've scoured the log files and couldn't find any mention of the error I was seeing during processing. The file location I saw briefly onscreen had Appdata and Roaming repeated multiple times.  I wish I could remember what repair section was running at the time.  I'll pay closer attention during the second pass.

3
Computer Help / Reg File for corrupt (empty) Registry Key
« on: October 02, 2015, 09:21:06 PM »
I think I found what ails my PC.  I found a blank entry in Winlogon\GPExtensions list.  And from the online research the entry that's blank has the GUID that should run the Administrative Templates that start the user services and group policies via userenv.dll

I'm running Windows Vista Home Premium 32bit.    Could someone running the same version please extract the contents of that key for me and post the results so that I can populate the key?

The GUID I'm needing is:  35378EAC-683F-11D2-A89A-00C04FBBCFA2    (that's the only blank one)

The full location is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\

By the way, I've checked a couple of old backups made by JRT back in April and May of this year and the value of that key was blank way back then.  I remember I needed to get jiggy with some nasty malware around that time.  Life's lessons are tedious at best.

=====edit01======
I've been searching for an online reg file solution the past few hours and the thought occurred that others are having similar errors and that this is more than likely caused by malware of some sort.  In almost every case that I've come across, services in the GPExtensions stack have not been deleted but more often all of the subfolders/attributes have been deleted. 

I'm not sure if the Windows Repair tool checks this 'Run Once at StartUp' command list for blanked out or invalid entries because this is a clever way of killing a bunch of security services while leaving other services running that the malware needs.  It's actually quite silly that Windows has no built in fall-back procedure if one of its key systems isn't where it's supposed to be. A cascade of errors can be caused by one blanked out registry entry.  In the old DOS world, if you wanted to mess with the operating system at the level we're talking about, you'd have to mess with assembler or compiled code.  Gates has given us a system full of back doors and loop holes.  By exposing the registry, Windows makes all of us vulnerable to having our high-speed internet connections used by nefarious nerds of various ages.  Now I ask you, how much code would it take to ensure such key systems are running and available? 

While I'm asking questions that I don't expect answers to, I was looking at the logs and noticed one system (MCIupdate) that was running twice a minute, with the obligatory log entry each time.  The spooler service is sending one error a second to a log file.  It's pointing at a registry address that does not exist.  I found the only existence of that particular location in an xml file.  I renamed it to *.old, only to have it appear again a few seconds later.  Now that's good management of resources.  It's absolutely no wonder that svchost is eating up such a huge volume of cpu clicks.  With the help of Process Explorer, I've had more of a look at the innards of Windows Vista than I really wanted, but the closer I look, the quicker I want to dump it.

4
Computer Help / [SOLVED]Vista Help Pls - Bad Install (and then some!)
« on: September 26, 2015, 06:30:55 PM »
I posted a new thread in Tweaking.comSoftware forum a few days ago with details of a UserProfile service problem.  When trying to run the latest Portable Windows Repair Tool, an "Invalid Picture" error resulted.  The latest main Repair tool also failed to install, with a blink. 

Today, I found some new clues that might help diagnose what the (blank) is going on and what changes should I attempt to rectify the situation. Any assistance would be appreciated.

While looking for something else, I came across two weird folder names  that I don't think should be there.  And in the folder, was a file (see below) containing xml data and a reference to <EXE NAME="Repair_Windows.exe". 

c:\windows\System32\%USERPROFILE%\Appdata\Local\Temp\{7e27814d-610e-4719-b04a-2d66121cfcc9}\appcompat.txt

In the c:\windows\System32\%USERPROFILE%\Appdata\Local\Temp\ folder, there are three other similar sub-folders with identical contents. That would probably be once for each of the four attempts at installing the non-Portable version. 

================

Here is a list of errors and warnings (From the Admin-view Event Log) that I'm getting at each PC startup or reboot:

The winlogon notification subscriber <Profiles> was unavailable to handle a notification event.

SL Token Store 'Initialize' failed with error hr=0x80070005.
Info: C:\Users\Default\AppData\Roaming\Microsoft\SoftwareLicensing\

The Software Licensing service failed to start. hr=0x80070005, [2, 7]

The winlogon notification subscriber <Profiles> was unavailable to handle a critical notification event.

DCOM got error "1053" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-21-2314216272-3108050197-1080286441-1000\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-21-2314216272-3108050197-1080286441-1000\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

More details in the other thread: http://www.tweaking.com/forums/index.php/topic,3672.0.html After a week of searching the web for clues and suggestions, I'm still looking for a solution. If the restore disks/application would work, I would have gone that route three days ago.  "Hooped in Vancouver" has been my new middle name this past week and I'm starting to hate the 'me' that's evolved.

5
Before posting this, I did a search of the Forum and found only one previous report of this error.  I was hoping for more reports of this problem and a possible solution.  I've got a seriously messed up PC running Vista Home Premium.  At start-up, I'm seeing the "Failed to connect to a Windows Service: User Profile Service".  All this started when I tried to stop the Task Scheduler from sucking up all the resources.  To be honest, I'm not sure what I did to cause the cascade of errors.  As an ex-programmer I should know better to document my steps.  The worst part of this mess is that I can't even get the original HP System Recovery disk(s) to run as it also starts up with an error and since the operating system was pre-installed on the PC, I have no Install disks to fall back on.   After Tweaking.com's utility failed to work, I looked for other similar tools.  Win Thruster looked promising but from my research, it looks like it's a scam of major proportions and a program to avoid at all costs. 

I did find plenty of reports of the "Invalid Picture" error with VB6 apps but no solutions or workarounds.  So I guess I'm up that famous 'smelly' creek without a paddle.  What a mess! What a mess!

== edit ==
I did try to run the tweaking.com_windows_repair_aio_setup.exe in both Safe and Regular mode (with MSSE turned off) logged in as administrator and nothing happened.  The cursor would flash into 'busy' mode for a brief second and then nothing.  Task Manager showed no activity as did Process Explorer.

== edit 2 ==
This PC has been running weird for the past month or more.  Symptoms include freezing up while showing full-screen videos (nVidia); losing keyboard shortcuts in games like Spider Solitaire (pressing F1 would restore shortcuts temporarily); freezing up while compiling videos in Windows Movie Maker; a USB mouse would stop working for seconds at a time.

At the moment, with some of the system's service gimped, I'm not seeing my usual Vista Video enhancements and many programs fail to remember that they are my default browser (Firefox) and the internal Error viewers are unable to display dependencies.  Errors include a lot of entries in the Windows update log with \\?\c:\windows in the intended file address ;

DCOM got error "1053" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-21-2314216272-3108050197-1080286441-500\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently

DCOM got error "1053" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC

This morning, I gave up trying to look for fixes (it's Sunday after all) and decided to play Spider Solitaire and the short-cut issue isn't happening and the same mouse never once gave up in the hour or more that I goofed off a bit.  I forgot to mention that the sound service is also not working.  USB services are fine.  DVD burning works.  No problems with Firefox except for the default browser forgetfulness thingy.

== edit 3 ==
Here is a list of errors and warnings from the Event Log (Administrator view) after a cold startup:

The winlogon notification subscriber <Profiles> was unavailable to handle a notification event.

SL Token Store 'Initialize' failed with error hr=0x80070005.
Info: C:\Users\Default\AppData\Roaming\Microsoft\SoftwareLicensing\

The Software Licensing service failed to start. hr=0x80070005, [2, 7]

The winlogon notification subscriber <Profiles> was unavailable to handle a critical notification event.

DCOM got error "1053" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-21-2314216272-3108050197-1080286441-1000\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-21-2314216272-3108050197-1080286441-1000\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}



