Hi, I'm having an error box pop up consistantly when I turn my lap top on. The error is due to an Automatic Updates error. I recently searched the forums and found a person who had a similar problem [Volta06] who posted his problem about a year ago. However, he posted a highjackthis report, which may have helped, yet I do not know how to access or retrieve that report. If anyone has had this problem or just anyone in general who knows how to correct this problem, please help.. Thanks

3
Contributors
10
Replies
11
Views
11 Years
Discussion Span
Last Post by DMR

Hi sdeguzman, welcome to DaniWeb :)

First of all, you need to give us the full and exact text of the error(s) you get, as well as any other details that might be related to the problem. The more information we have to go on, the faster we can help you get things sorted out.

If it seems that a HijackThis log would help, we'll give you instructions on just how to do that.

okay.. well i was able to attain the hijackthis which came out to:

Logfile of HijackThis v1.99.1
Scan saved at 6:58:45 PM, on 6/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\SetCrSr.exe
C:\WINDOWS\system32\rundll32.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer soft button\SB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\SHERWI~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CentralCrSr] C:\WINDOWS\system32\SetCrSr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [Software Button] "C:\Program Files\Acer soft button\SB.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

the error box actually displays, "
Automatic Updates has encountered a problem and needs to close. We are sorry for the inconvenience."

szAppName : wuauclt.exe szAppVer : 5.8.0.2469
szModName : esent.dll
szModVer : 5.1.2600.2780 offset : 00057a11

if anymore information is needed let me know how to obtain it. thanks!

Your log shows no indications of infections, nor signs of anything (non-malicious) which might be causing the error.

1. Your log does show one thing you need to fix before we continue:
C:\DOCUME~1\SHERWI~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!

* Create a folder for HJT outside of any Temp/Temporary folders. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
* Right-click on the HijackThis.zip folder and choose the "Extract all..." option from the resulting drop-down menu. This will start Windows' Folder Extraction Wizard. Click the "Next" button to start the wizard.
* In the next window, click on the "Browse" button. In the destination selection box, navigate to the new folder you created for HJT, hilight it, and click "OK".
* Click "Next", and then click "Finished"; a window dispaying the newly-extracted hijackthis.exe file should open.
* Double-click on the hijackthis.exe file to verify that the program works. If it does, just close hijackthis for now.

2. Open the Event Viewer utility in your Administrative Tools control panel and look through your System and Application logs for entries flagged with "Error" or "Warning", especially those related to esent, wuauclt, or Automatic Update. Double-clicking on such an entry will open a properties window with more detailed information on the error; post the details from a representative sample of some of the different error messages (please don't post duplicates of a given entry, or flood us with the entire contents of the logs).

To post the details:
In the Properties window of a given entry, click on the button with the graphic of two pieces of paper on it; the button is at the right of the window just below the up arrow/down arrow buttons. You won't see anything happen when you click the button, but it will copy all of the details to the Windows clipboard. You can then paste the details into your next post here.

Okay.. here are some of the misc. error reports that you have requested. These are just some errors that are part are from the application folder. Most of them seem to be the repeats of the first one posted of wuauclt.exe:

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 7/1/2006
Time: 6:22:52 PM
User: N/A
Computer: ACER-885E81581C
Description:
Faulting application wuauclt.exe, version 5.8.0.2469, faulting module esent.dll, version 5.1.2600.2780, fault address 0x0005362d.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 77 75 61 ure wua
0018: 75 63 6c 74 2e 65 78 65 uclt.exe
0020: 20 35 2e 38 2e 30 2e 32 5.8.0.2
0028: 34 36 39 20 69 6e 20 65 469 in e
0030: 73 65 6e 74 2e 64 6c 6c sent.dll
0038: 20 35 2e 31 2e 32 36 30 5.1.260
0040: 30 2e 32 37 38 30 20 61 0.2780 a
0048: 74 20 6f 66 66 73 65 74 t offset
0050: 20 30 30 30 35 33 36 32 0005362
0058: 64 d

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 7/1/2006
Time: 9:46:30 AM
User: NT AUTHORITY\SYSTEM
Computer: ACER-885E81581C
Description:
Windows saved user ACER-885E81581C\Sherwin De Guzman registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
\
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 7/1/2006
Time: 1:38:54 AM
User: N/A
Computer: ACER-885E81581C
Description:
Hanging application YPager.exe, version 7.0.2.120, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 59 50 61 67 65 72 YPager
0018: 2e 65 78 65 20 37 2e 30 .exe 7.0
0020: 2e 32 2e 31 32 30 20 69 .2.120 i
0028: 6e 20 68 75 6e 67 61 70 n hungap
0030: 70 20 30 2e 30 2e 30 2e p 0.0.0.
0038: 30 20 61 74 20 6f 66 66 0 at off
0040: 73 65 74 20 30 30 30 30 set 0000
0048: 30 30 30 30 0000

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 6/30/2006
Time: 6:58:21 PM
User: N/A
Computer: ACER-885E81581C
Description:
Faulting application svchost.exe, version 5.1.2600.2180, faulting module esent.dll, version 5.1.2600.2780, fault address 0x00050c08.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 73 76 63 ure svc
0018: 68 6f 73 74 2e 65 78 65 host.exe
0020: 20 35 2e 31 2e 32 36 30 5.1.260
0028: 30 2e 32 31 38 30 20 69 0.2180 i
0030: 6e 20 65 73 65 6e 74 2e n esent.
0038: 64 6c 6c 20 35 2e 31 2e dll 5.1.
0040: 32 36 30 30 2e 32 37 38 2600.278
0048: 30 20 61 74 20 6f 66 66 0 at off
0050: 73 65 74 20 30 30 30 35 set 0005
0058: 30 63 30 38 0c08

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1001
Date: 6/30/2006
Time: 6:49:29 PM
User: N/A
Computer: ACER-885E81581C
Description:
Fault bucket 254364936.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 32 35 34 33 36 34 39 33 25436493
0010: 36 0d 0a 6..

Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 6/25/2006
Time: 3:39:47 PM
User: N/A
Computer: ACER-885E81581C
Description:
The device, \Device\Harddisk0\D, has a bad block.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 40 46 65 06 00 00 00 [EMAIL=".@Fe"].@Fe[/EMAIL]....
0028: 07 46 d8 01 00 00 00 00 .FØ.....
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @......
0040: 00 20 0a 12 40 03 20 40 . ..@. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 00 00 00 e0 dd ae 86 ....àÝ®
0058: 00 00 00 00 28 08 f2 84 ....(.ò
0060: 02 00 00 00 20 a3 32 03 .... £2.
0068: 28 00 03 32 a3 20 00 00 (..2£ ..
0070: 08 00 00 00 00 00 00 00 ........
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

I don't know if you wanted me to post all of the variations of the errors. I think that the ones I have posted were what the majority of them were. Please let me know if you want me to search for all the different ones. Thanks for all of your help

DMR are you considering Viewpoint manager to be malicious, because its in his log just so you know.

DMR are you considering Viewpoint manager to be malicious, because its in his log just so you know.

Yeah- I space on that one a lot, but it should go. Thanks for the eyes.

sdeguzman,

This isn't related to your primary problem, but you should open your Add/Remove Programs control panel, hilight the Viewpoint package, and click the "Remove" button.
(I'm still looking for a solution that directly relates to your AU/esent crashes)

thanks for helping.. i found a post when i was trying to search for a solution. here's the link: http://www.daniweb.com/techtalkforums/thread20973.html, the person who posted this seemed to have the same problem, but it's probably unique for each user. I don't know if it may help

can anyone help me with my problem? I deleted everything from my TEMP folder and deleted the viewpoint files out of my computer. Is there anything I can do to stop the error boxes from appearing?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.