  • Status: Solved

Installation of PGP causes major svchost.exe errors; system inoperable

When I get to the end of the install process for the latest version of PGP Desktop Home 9.0, the installer asks me to reboot.  Upon starting up, my system has major problems starting up.  I get a svchost.exe error ("instruction at 0x7c809784 referenced memory at 0x00000010, memory could not be written") just at the welcome screen (seemingly before logging onto the OS).  Often this error is repeated, the system takes about 15 minutes to start up (much more than the 2-3 minutes normal), most other applications fail to start (with various errors), and I eventually get a "windows must restart" because the RPC service terminated unexpectedly.  My primary avenue of recovery is to start in safe mode, and do a system restore before the installation of PGP.

Tech support at PGP thought the error was due to a spyware conflict.  I ran AOL spysweeper, SpyBot S&D, Ad-Aware, and Microsoft's AntiSpyWare (beta 1), which found various things, but did not fix the problem.

I have the very latest critical and security updates of XP home SP2 and McAfee VirusScan (which finds nothing).

I also tried clean installation (with load startup items unchecked, all non-Microsoft services unchecked, and system.ini and win.ini unchecked in msconfig).  That doesn't work.  No helpful errors appear in the event log.

I downloaded the PGP application file again (in case the first was corrupted), to no avail.  I asked if the earlier version of PGP was available, but was told "no."

Of course, the simple answer is "don't use PGP," but I have a client that insists on it.  Any other troubleshooting or installation tips would be appreciated.
Asked by: KSymmers

1 Solution

LeeTutor (retired) Commented:
So you cannot get into Safe mode?  How about Safe mode with Command Prompt?  If you cannot get into Windows XP except in Command Prompt mode, you can run the System Restore utility from there also:

http://support.microsoft.com/default.aspx?scid=kb;en-us;304449
HOW TO: Start the System Restore Tool from a Command Prompt in Windows XP

KSymmers (Author) Commented:
I can get into safe mode, and I can do a system restore to just before the PGP install.  So even though things screw up after each installation attempt, I am able to step back and get back to normal operation -- just without the application I need.

LeeTutor (retired) Commented:
Well, my first idea is that it is something caused by spyware/trojans/viruses or other malware, too.  But you seem to have done pretty good checking for that.  One other thing you might try along this vein:  You might also try this free program (HijackThis):

http://www.spychecker.com/download/download_hijackthis.html

HijackThis is a tool that is for advanced users, because it lists all the installed browser add-on and startup items, allowing you to inspect them and then optionally remove any ones you select.  You must be careful in choosing what to remove, although the program can create a backup of your original settings.  But put a check mark to fix any home page or search page setting that HijackThis detects which you have not entered yourself.  The program has an option to download online updates of the hijack data.

You should first post the log at this site:  

http://www.hijackthis.de/index.php?langselect=english

and it will be automatically analyzed for you, telling you which entries (called "Nasty") should be fixed.  If you have any questions about what it is asking you to fix that you would like the E-E experts to comment on, then do this:  scroll down where you will see a Save Analysis button, hit it and it will save your Log Analysis (for a period of three days), then copy the link of that page and paste it here, and experts can check it for you.  (Please DON'T post the entire log itself in your question.)

In case you would like to learn more yourself how to use HijackThis, here are a couple of urls:

http://www.tomcoyote.org/hjt/
HijackThis Quick Start

http://www.spywareinfo.com/~merijn/htlogtutorial.html
HijackThis log tutorial
 
KSymmers (Author) Commented:
LeeTutor:

Here's a link to my HijackThis file:  http://www.hijackthis.de/logfiles/fd5bc01fb0bbfcbd50d690c8bc00dbb4.html

I ran the application after performing a clean reboot.  That is, the startup items, the win.ini, and the system.ini were not loaded, and HijackThis was then run.  Anything that involves spyware protection (specifically SpyBot, Ad-Aware, and MS AntiSpyware) probably isn't the culprit, since I had this problem before installing these applications.

Any recommendation on what to stop/delete, or what to do next, would be very much appreciated.

LeeTutor (retired) Commented:
Well, the log file says to fix the following:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

Did you fix them?
And these are questionable ("possibly nasty"):

O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://www.etdbw.com/sdccommon/download/tgctlsi.cab   
Possibly nasty   Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!

O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwic.ops.placeware.com/etc/place/INDIA/SCIpws-c2/5.1.8.511/lib/quicksilver.cab

O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1,0,0,7/McUpdatePortal.cab

O16 - DPF: {67F02384-3864-4BCE-A408-EDD9BD565D51} (DemoShield DemoNow Class) - http://www.tqe.com/demonow/overview/demonow.cab

O16 - DPF: {7BA16120-B314-4EE4-A676-8B4B33909513} (Invoke Solutions MILive Participant Control(MR)) - http://157.238.134.97/events/bin/media/3.1.1.1110-3.0.0.7203/MILive.cab

O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jars/customerxsigned42.cab

O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab

(And a couple of others that seem to be connected with Dell computers.)  The advice given for all of those questionable ones is:  Check if you know this site and fix it if you do not.

KSymmers (Author) Commented:
LeeTutor:

I took a system snapshot, then deleted all nasty entries and all unknown ones, with three exceptions (Dell Notify Alert, McUpdatePortal (McAfee related), and linkedin.com).  Installed PGP and rebooted, and still got the same error.

I can delete these last three, but I'm suspecting we're long down the wrong path.  Any other ideas come to mind?

LeeTutor (retired) Commented:
Some reading material for you on Svchost.exe:

http://support.microsoft.com/?kbid=314056
A Description of Svchost.exe in Windows XP

from Lockergnome, 1-28-03 edition:

Question: How do I find out what is starting a service on my computer? The name of the service is svchost.exe and the user name is Local Service. It starts with the first logon and eats a consistent 25-35% of CPU processing time. I have ended the process using the Windows Task Manager and have not had any problems. Any insight would be appreciated.
Answer: I think we can shed a little light on your svchost.exe problem. You didn't say whether you are using Windows XP or Windows 2000, so I will try to give the information for both. First, let's address what the svchost.exe program is used for. As quoted from Microsoft Knowledge Base Article - 314056: "At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can run, depending on how and where Svchost.exe is started. This allows for better control and easier debugging." In layman's terms, it is basically an easy way for your computer to execute a lot of DLL files that are needed at startup. So instead of just ending one of the instances of svchost.exe, we need to find what set of DLLs might be causing your processing problem.

In Windows XP, you can get a list of running services by going to Start | Run | type "CMD" | click OK. Type "tasklist /svc" (sans quotes) and then press Enter. Now you will have a list of every DLL running under each svchost.exe instance. For Windows 2000, you need to extract the Tlist.exe utility from the Support.cab file on your Windows 2000 installation CD. You still need to open a command window, but you will need to navigate to where you extracted the Tlist.exe file to, type "tlist -s" (sans quotes), and then press Enter.

For more information, see Microsoft Knowledge Base Article - 250320. Svchost.exe groups are identified in the following registry key: HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Svchost. Also, each svchost group extracts its service names from the following registry key, whose Parameters key contains a ServiceDLL value: HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \ . Be sure to back up the registry key you are configuring before you make a change. You do this by browsing the desired registry key, and then going to File | Export. Follow the prompts, and you will now have a way to bring back that registry key (if you accidentally damaged it). I hope this helps to answer your question, but if you're still hunting for an answer after trying this suggestion, feel free to post your question in the Lockergnome forums, at help.lockergnome.com. [Brian]
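
The registry lookup described in the quoted answer, as an added example that is not part of the original thread or of the Lockergnome text. It assumes a machine with Windows PowerShell installed and is read-only: it joins each svchost group under the Svchost key to the ServiceDll of every service in that group, so a crashing svchost.exe instance can be narrowed down to a short list of DLLs.

```powershell
# Added example: list every svchost.exe group, its member services, and each
# service's ServiceDll. Uses only the two registry keys named in the answer above.
$svchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

$report = foreach ($prop in (Get-ItemProperty -Path $svchostKey).PSObject.Properties) {
    # Group membership is a REG_MULTI_SZ value, which PowerShell returns as string[].
    # The type check also skips PowerShell's own PSPath/PSProvider properties.
    if ($prop.Value -isnot [string[]]) { continue }

    foreach ($svc in $prop.Value) {
        $paramKey = Join-Path (Join-Path $servicesKey $svc) 'Parameters'
        $dll = $null
        if (Test-Path -Path $paramKey) {
            # ServiceDll is REG_EXPAND_SZ; Get-ItemProperty expands %SystemRoot% for us.
            $dll = (Get-ItemProperty -Path $paramKey -Name ServiceDll `
                        -ErrorAction SilentlyContinue).ServiceDll
        }

        # A group member with no ServiceDll, or one whose file is gone, is worth a look.
        $state = 'no ServiceDll value'
        if ($dll) {
            if (Test-Path -LiteralPath $dll) { $state = 'present' } else { $state = 'file missing' }
        }

        New-Object PSObject -Property @{
            Group      = $prop.Name
            Service    = $svc
            ServiceDll = $dll
            DllState   = $state
        }
    }
}

$report | Sort-Object Group, Service |
    Format-Table Group, Service, DllState, ServiceDll -AutoSize
```

Comparing the output from before and after a software install shows which services and DLLs were added to an existing svchost group.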

KSymmers (Author) Commented:
Would it be helpful to do a clean boot (no startup items, no system.ini or win.ini), and review the services running at that stage?  I get the PGP install conflict even in this basic configuration.  Then, perhaps I can selectively disable services and install PGP, trying to localize which service is conflicting.

Another approach, based on your post above, might be to remark out certain registry keys associated with the svchost groups, and see which one conflicts.  How to rem or comment a registry key I don't know, but it might be another approach.

The first sounds easier (via Win XP's System Information).  What do you think?

LeeTutor (retired) Commented:
Yes, I think that would be a good idea.  And here is a good MS article about it:

http://support.microsoft.com/default.aspx?scid=kb;en-us;316434
HOW TO: Perform Advanced Clean-Boot Troubleshooting in Windows XP

KSymmers (Author) Commented:
Curious.  TASKLIST is not on my system.  Could that be because I have XP Home?  This makes troubleshooting SVCHOST difficult.

When I get the svchost "memory could not be written" error, I'm asked whether to terminate by clicking OK, or debug by clicking Cancel.  Is there a way to use Microsoft debugging tools to actually debug and determine what the offending application might be?

To recap, after antivirus sweeps and a clean reboot, I install the latest version of PGP and am asked to reboot the computer.  Upon reboot, I get three SVCHOST.EXE memory could not be written errors, the system slows to a crawl, then the NTAUTHORITY/SYSTEM initiates a shutdown because RPC terminates unexpectedly.

LeeTutor (retired) Commented:
Yes, I think Tasklist is not available with XP Home; at least the Microsoft page I looked at only mentioned the Pro version.  You might try this free program:  Process Explorer

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

LeeTutor (retired) Commented:
KSymmers, any feedback?

KSymmers (Author) Commented:
After a lot more fact finding, I determined that the PGP 9.0 application was fundamentally flawed at this stage and should not be installed.  I had a colleague who provided a link to an older version (8.1), which installed flawlessly.  I called PGP and had them swap my 9.0 license for one working in the older version.  I also griped enough to wrestle some installation support out of them.  At some point when I get a lot of free time, maybe I'll work with them to install the new version.

It's pretty sad when System Restore becomes one of my top five programs (as ranked by the Windows Start feature).  Thanks for your help, LeeTutor.  While we didn't come to a successful conclusion, I will award you the full complement of points.