Malware nightmare

Resolved
By tstadt
Dec 22, 2012
  1. tstadt

    tstadt Newcomer, in training Topic Starter Posts: 37

    After downloading in Normal Mode, I tried to run as administrator since I'm running Vista. It came back as program not found. When I just double-clicked the icon, the box did come up; I completed as explained and hit run. I received a Run-time error '75': Path/File access error. I then booted into Safe Mode and ran the program. Here is the log info (file also attached):
    Vino's Event Viewer v01c run on Windows Vista in English
    Report run at 03/01/2013 11:12:16 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 04/01/2013 4:09:39 AM
    Type: Error Category: 16
    Event: 4609 Source: Microsoft-Windows-EventSystem
    The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

    Log: 'Application' Date/Time: 04/01/2013 4:07:42 AM
    Type: Error Category: 16
    Event: 4609 Source: Microsoft-Windows-EventSystem
    The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

    Log: 'Application' Date/Time: 04/01/2013 3:51:00 AM
    Type: Error Category: 16
    Event: 4609 Source: Microsoft-Windows-EventSystem
    The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

    Log: 'Application' Date/Time: 02/01/2013 9:19:44 PM
    Type: Error Category: 0
    Event: 1017 Source: Microsoft-Windows-Perflib
    Disabled performance counter data collection from the "PolicyAgent" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

    Log: 'Application' Date/Time: 02/01/2013 9:19:44 PM
    Type: Error Category: 0
    Event: 1005 Source: Microsoft-Windows-Perflib
    Unable to locate the open procedure "OpenIPSecPerformanceData" in DLL "C:\Windows\System32\ipsecsvc.dll" for the "PolicyAgent" service. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Log: 'Application' Date/Time: 02/01/2013 9:19:44 PM
    Type: Error Category: 0
    Event: 1010 Source: Microsoft-Windows-Perflib
    The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

    Log: 'Application' Date/Time: 02/01/2013 9:01:49 PM
    Type: Error Category: 16
    Event: 4609 Source: Microsoft-Windows-EventSystem
    The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

    Log: 'Application' Date/Time: 02/01/2013 8:59:50 PM
    Type: Error Category: 16
    Event: 4609 Source: Microsoft-Windows-EventSystem
    The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

    Log: 'Application' Date/Time: 02/01/2013 8:57:48 PM
    Type: Error Category: 16
    Event: 4609 Source: Microsoft-Windows-EventSystem
    The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

    Log: 'Application' Date/Time: 02/01/2013 8:55:55 PM
    Type: Error Category: 16
    Event: 4609 Source: Microsoft-Windows-EventSystem
    The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

    Log: 'Application' Date/Time: 02/01/2013 8:53:39 PM
    Type: Error Category: 16
    Event: 4609 Source: Microsoft-Windows-EventSystem
    The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

    Log: 'Application' Date/Time: 02/01/2013 8:51:39 PM
    Type: Error Category: 16
    Event: 4609 Source: Microsoft-Windows-EventSystem
    The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

    Log: 'Application' Date/Time: 02/01/2013 8:40:10 PM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application DefaultTabSearch.exe, version 0.0.0.0, time stamp 0x509b4379, faulting module DefaultTabSearch.exe, version 0.0.0.0, time stamp 0x509b4379, exception code 0xc0000005, fault offset 0x00002c90, process id 0x184, application start time 0x01cde9295a9c466f.

    Log: 'Application' Date/Time: 02/01/2013 7:43:34 PM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application jZip.exe, version 1.3.0.0, time stamp 0x4decb266, faulting module jZip.exe, version 1.3.0.0, time stamp 0x4decb266, exception code 0xc0000005, fault offset 0x000168cc, process id 0x1374, application start time 0x01cde920e62845ca.

    Log: 'Application' Date/Time: 02/01/2013 2:50:15 PM
    Type: Error Category: 16
    Event: 4609 Source: Microsoft-Windows-EventSystem
    The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

    Log: 'Application' Date/Time: 02/01/2013 2:47:43 PM
    Type: Error Category: 16
    Event: 4609 Source: Microsoft-Windows-EventSystem
    The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

    Log: 'Application' Date/Time: 02/01/2013 5:42:42 AM
    Type: Error Category: 0
    Event: 8193 Source: System Restore
    Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x8000ffff).

    Log: 'Application' Date/Time: 02/01/2013 5:42:42 AM
    Type: Error Category: 0
    Event: 8193 Source: VSS
    Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d.

    Operation:
    Instantiating VSS server

    Log: 'Application' Date/Time: 02/01/2013 5:42:42 AM
    Type: Error Category: 0
    Event: 13 Source: VSS
    Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x8007041d]

    Operation:
    Instantiating VSS server

    Log: 'Application' Date/Time: 02/01/2013 5:42:37 AM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application vssvc.exe, version 6.0.6002.18005, time stamp 0x49e01f2c, faulting module credui.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000135, fault offset 0x00009f5d, process id 0xb3c, application start time 0x01cde8abf8bb339c.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 04/01/2013 4:09:28 AM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 04/01/2013 4:08:01 AM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 04/01/2013 4:08:00 AM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 04/01/2013 4:07:32 AM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 04/01/2013 3:51:22 AM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 04/01/2013 3:51:20 AM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 04/01/2013 3:50:50 AM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 02/01/2013 10:15:42 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 02/01/2013 10:15:41 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 02/01/2013 9:01:38 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 02/01/2013 9:00:05 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 02/01/2013 9:00:04 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 02/01/2013 8:59:40 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 02/01/2013 8:58:10 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 02/01/2013 8:58:09 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 02/01/2013 8:57:38 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 02/01/2013 8:56:12 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 02/01/2013 8:56:11 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 02/01/2013 8:55:45 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 02/01/2013 8:54:18 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 30/12/2012 3:28:25 AM
    Type: Critical Category: 0
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 04/01/2013 4:10:02 AM
    Type: Error Category: 0
    Event: 7026 Source: Service Control Manager
    The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi spldr Wanarpv6

    Log: 'System' Date/Time: 04/01/2013 4:10:02 AM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

    Log: 'System' Date/Time: 04/01/2013 4:09:42 AM
    Type: Error Category: 0
    Event: 10005 Source: Microsoft-Windows-DistributedCOM
    DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

    Log: 'System' Date/Time: 04/01/2013 4:09:39 AM
    Type: Error Category: 0
    Event: 10005 Source: Microsoft-Windows-DistributedCOM
    DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Log: 'System' Date/Time: 04/01/2013 4:09:29 AM
    Type: Error Category: 0
    Event: 10005 Source: Microsoft-Windows-DistributedCOM
    DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

    Log: 'System' Date/Time: 04/01/2013 4:07:42 AM
    Type: Error Category: 0
    Event: 10005 Source: Microsoft-Windows-DistributedCOM
    DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Log: 'System' Date/Time: 04/01/2013 4:07:34 AM
    Type: Error Category: 0
    Event: 10005 Source: Microsoft-Windows-DistributedCOM
    DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

    Log: 'System' Date/Time: 04/01/2013 4:05:40 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 04/01/2013 4:02:24 AM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The specified module could not be found.

    Log: 'System' Date/Time: 04/01/2013 4:02:24 AM
    Type: Error Category: 0
    Event: 7023 Source: Service Control Manager
    The Telephony service terminated with the following error: The specified module could not be found.

    Log: 'System' Date/Time: 04/01/2013 4:02:24 AM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The specified module could not be found.

    Log: 'System' Date/Time: 04/01/2013 4:02:24 AM
    Type: Error Category: 0
    Event: 7023 Source: Service Control Manager
    The Telephony service terminated with the following error: The specified module could not be found.

    Log: 'System' Date/Time: 04/01/2013 4:02:24 AM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The specified module could not be found.

    Log: 'System' Date/Time: 04/01/2013 4:02:24 AM
    Type: Error Category: 0
    Event: 7023 Source: Service Control Manager
    The Telephony service terminated with the following error: The specified module could not be found.

    Log: 'System' Date/Time: 04/01/2013 4:02:23 AM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The specified module could not be found.

    Log: 'System' Date/Time: 04/01/2013 4:02:23 AM
    Type: Error Category: 0
    Event: 7023 Source: Service Control Manager
    The Telephony service terminated with the following error: The specified module could not be found.

    Log: 'System' Date/Time: 04/01/2013 4:02:23 AM
    Type: Error Category: 0
    Event: 7023 Source: Service Control Manager
    The Telephony service terminated with the following error: The specified module could not be found.

    Log: 'System' Date/Time: 04/01/2013 4:02:23 AM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The specified module could not be found.

    Log: 'System' Date/Time: 04/01/2013 4:02:23 AM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The specified module could not be found.

    Log: 'System' Date/Time: 04/01/2013 4:02:23 AM
    Type: Error Category: 0
    Event: 7023 Source: Service Control Manager
    The Telephony service terminated with the following error: The specified module could not be found.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 04/01/2013 4:08:40 AM
    Type: Warning Category: 0
    Event: 4 Source: bcm4sbxp
    Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

    Log: 'System' Date/Time: 04/01/2013 4:08:02 AM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 04/01/2013 4:06:27 AM
    Type: Warning Category: 0
    Event: 4 Source: bcm4sbxp
    Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

    Log: 'System' Date/Time: 04/01/2013 4:05:46 AM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 04/01/2013 3:51:23 AM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 04/01/2013 3:49:41 AM
    Type: Warning Category: 0
    Event: 4 Source: bcm4sbxp
    Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

    Log: 'System' Date/Time: 04/01/2013 3:30:16 AM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 04/01/2013 3:29:05 AM
    Type: Warning Category: 0
    Event: 7039 Source: Service Control Manager
    A service process other than the one launched by the Service Control Manager connected when starting the Google Update Service (gupdate) service. The Service Control Manager launched process 5032 and process 5788 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.

    Log: 'System' Date/Time: 04/01/2013 3:28:53 AM
    Type: Warning Category: 0
    Event: 1003 Source: Microsoft-Windows-Dhcp-Client
    Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00197EA035B3. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

    Log: 'System' Date/Time: 04/01/2013 3:28:50 AM
    Type: Warning Category: 0
    Event: 36 Source: Microsoft-Windows-Time-Service
    The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

    Log: 'System' Date/Time: 04/01/2013 3:28:46 AM
    Type: Warning Category: 0
    Event: 4 Source: bcm4sbxp
    Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

    Log: 'System' Date/Time: 02/01/2013 10:15:43 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 02/01/2013 9:00:44 PM
    Type: Warning Category: 0
    Event: 4 Source: bcm4sbxp
    Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

    Log: 'System' Date/Time: 02/01/2013 9:00:06 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 02/01/2013 8:58:48 PM
    Type: Warning Category: 0
    Event: 4 Source: bcm4sbxp
    Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

    Log: 'System' Date/Time: 02/01/2013 8:58:11 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 02/01/2013 8:56:51 PM
    Type: Warning Category: 0
    Event: 4 Source: bcm4sbxp
    Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

    Log: 'System' Date/Time: 02/01/2013 8:56:13 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 02/01/2013 8:54:56 PM
    Type: Warning Category: 0
    Event: 4 Source: bcm4sbxp
    Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

    Log: 'System' Date/Time: 02/01/2013 8:54:19 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Attached Files: VEW.txt (23 KB)
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    SVCHOST.exe diagnostics

    Download and run SVCHOST Diag.

    Post the log from it when it launches.
  3. tstadt

    tstadt Newcomer, in training Topic Starter Posts: 37

    SVCHOST Diag



    ~~~~~Services loaded under SVCHOST~~~~~


    Image Name: svchost.exe
    PID: 780
    Services: DcomLaunch
    PlugPlay

    Image Name: svchost.exe
    PID: 836
    Services: RpcSs

    Image Name: svchost.exe
    PID: 924
    Services: Dhcp
    Eventlog
    lmhosts

    Image Name: svchost.exe
    PID: 948
    Services: EapHost
    ProfSvc
    Winmgmt

    Image Name: svchost.exe
    PID: 988
    Services: Netman
    Wlansvc
    wudfsvc

    Image Name: svchost.exe
    PID: 1024
    Services: Dnscache
    NlaSvc

    Image Name: svchost.exe
    PID: 1040
    Services: LanmanWorkstation
    netprofm
    nsi

    Image Name: svchost.exe
    PID: 1204
    Services: BFE
    MpsSvc


    ~~~~~Modules loaded under SVCHOST~~~~~


    Image Name: svchost.exe
    PID: 780
    Modules: ntdll.dll
    kernel32.dll
    msvcrt.dll
    ADVAPI32.dll
    RPCRT4.dll
    umpnpmgr.dll
    USER32.dll
    GDI32.dll
    USERENV.dll
    Secur32.dll
    IMM32.DLL
    MSCTF.dll
    LPK.DLL
    USP10.dll
    POWRPROF.dll
    GPAPI.dll
    slc.dll
    rpcss.dll
    WS2_32.dll
    NSI.dll
    FirewallAPI.dll
    OLEAUT32.dll
    ole32.dll
    VERSION.dll
    CRYPT32.dll
    MSASN1.dll
    credssp.dll
    schannel.dll
    NETAPI32.dll
    PSAPI.DLL
    SETUPAPI.dll
    CLBCatQ.DLL
    Cabinet.dll
    NTMARTA.DLL
    WLDAP32.dll
    SAMLIB.dll
    WINSTA.dll
    WTSAPI32.dll

    Image Name: svchost.exe
    PID: 836
    Modules: ntdll.dll
    kernel32.dll
    msvcrt.dll
    ADVAPI32.dll
    RPCRT4.dll
    rpcss.dll
    WS2_32.dll
    NSI.dll
    Secur32.dll
    FirewallAPI.dll
    USER32.dll
    GDI32.dll
    OLEAUT32.dll
    ole32.dll
    VERSION.dll
    IMM32.DLL
    MSCTF.dll
    LPK.DLL
    USP10.dll
    CRYPT32.dll
    MSASN1.dll
    USERENV.dll
    credssp.dll
    schannel.dll
    NETAPI32.dll
    PSAPI.DLL
    rsaenh.dll
    mswsock.dll
    wshtcpip.dll
    wship6.dll
    CLBCatQ.DLL
    fwpuclnt.dll

    Image Name: svchost.exe
    PID: 924
    Modules: ntdll.dll
    kernel32.dll
    msvcrt.dll
    ADVAPI32.dll
    RPCRT4.dll
    wevtsvc.dll
    USERENV.dll
    Secur32.dll
    USER32.dll
    GDI32.dll
    VERSION.dll
    GPAPI.dll
    slc.dll
    IMM32.DLL
    MSCTF.dll
    LPK.DLL
    USP10.dll
    CRYPT32.dll
    MSASN1.dll
    credssp.dll
    schannel.dll
    NETAPI32.dll
    PSAPI.DLL
    WS2_32.dll
    NSI.dll
    mswsock.dll
    wshtcpip.dll
    wship6.dll
    lmhsvc.dll
    IPHLPAPI.DLL
    dhcpcsvc.DLL
    DNSAPI.dll
    WINNSI.DLL
    dhcpcsvc6.DLL

    Image Name: svchost.exe
    PID: 948
    Modules: ntdll.dll
    kernel32.dll
    msvcrt.dll
    ADVAPI32.dll
    RPCRT4.dll
    NTMARTA.DLL
    USER32.dll
    GDI32.dll
    WLDAP32.dll
    WS2_32.dll
    NSI.dll
    PSAPI.DLL
    SAMLIB.dll
    ole32.dll
    IMM32.DLL
    MSCTF.dll
    LPK.DLL
    USP10.dll
    profsvc.dll
    SYSNTFY.dll
    USERENV.dll
    Secur32.dll
    nlaapi.dll
    IPHLPAPI.DLL
    dhcpcsvc.DLL
    DNSAPI.dll
    WINNSI.DLL
    dhcpcsvc6.DLL
    ATL.DLL
    eapsvc.dll
    eapphost.dll
    OLEAUT32.dll
    rsaenh.dll
    CLBCatQ.DLL
    umb.dll
    SETUPAPI.dll
    WINTRUST.dll
    CRYPT32.dll
    MSASN1.dll
    imagehlp.dll
    wmisvc.dll
    wbemcomn.dll
    VSSAPI.DLL
    vsstrace.dll
    AUTHZ.dll
    XmlLite.dll
    NETAPI32.dll
    MPR.dll
    wbemcore.dll
    esscli.dll
    FastProx.dll
    NTDSAPI.dll
    wbemsvc.dll
    wmiutils.dll
    repdrvfs.dll
    wmiprvsd.dll
    NCObjAPI.DLL
    wbemess.dll
    ncprov.dll

    Image Name: svchost.exe
    PID: 988
    Modules: ntdll.dll
    kernel32.dll
    msvcrt.dll
    ADVAPI32.dll
    RPCRT4.dll
    NTMARTA.DLL
    USER32.dll
    GDI32.dll
    WLDAP32.dll
    WS2_32.dll
    NSI.dll
    PSAPI.DLL
    SAMLIB.dll
    ole32.dll
    IMM32.DLL
    MSCTF.dll
    LPK.DLL
    USP10.dll
    wudfsvc.dll
    SETUPAPI.dll
    OLEAUT32.dll
    WUDFPlatform.dll
    VERSION.dll
    WINTRUST.dll
    CRYPT32.dll
    MSASN1.dll
    USERENV.dll
    Secur32.dll
    imagehlp.dll
    wlansvc.dll
    WTSAPI32.dll
    NETAPI32.dll
    SHELL32.dll
    SHLWAPI.dll
    WLANMSM.DLL
    WLANSEC.dll
    OneX.DLL
    eappprxy.dll
    eappcfg.dll
    gdiplus.dll
    DUser.dll
    UxTheme.dll
    OLEACC.dll
    AUTHZ.dll
    dhcpcsvc.DLL
    DNSAPI.dll
    WINNSI.DLL
    wlgpclnt.dll
    l2gpstore.dll
    wlanutil.dll
    SYSNTFY.dll
    WinSCard.dll
    WINSTA.dll
    IPHLPAPI.DLL
    dhcpcsvc6.DLL
    bcrypt.dll
    comctl32.dll
    CLBCatQ.DLL
    msxml6.dll
    rsaenh.dll
    credssp.dll
    schannel.dll
    kerberos.dll
    cryptdll.dll
    netman.dll
    RASAPI32.dll
    rasman.dll
    TAPI32.dll
    rtutils.dll
    WINMM.dll
    netcfgx.dll
    slc.dll
    Cabinet.dll
    netshell.dll
    nlaapi.dll
    hnetcfg.dll
    ATL.DLL
    GPAPI.dll
    WINHTTP.dll
    mswsock.dll
    wshtcpip.dll
    wbemprox.dll
    wbemcomn.dll
    wbemsvc.dll
    fastprox.dll
    NTDSAPI.dll

    Image Name: svchost.exe
    PID: 1024
    Modules: ntdll.dll
    kernel32.dll
    msvcrt.dll
    ADVAPI32.dll
    RPCRT4.dll
    NTMARTA.DLL
    USER32.dll
    GDI32.dll
    WLDAP32.dll
    WS2_32.dll
    NSI.dll
    PSAPI.DLL
    SAMLIB.dll
    ole32.dll
    IMM32.DLL
    MSCTF.dll
    LPK.DLL
    USP10.dll
    dnsrslvr.dll
    DNSAPI.dll
    dhcpcsvc.DLL
    Secur32.dll
    WINNSI.DLL
    dhcpcsvc6.DLL
    IPHLPAPI.DLL
    mswsock.dll
    wship6.dll
    nlasvc.dll
    wevtapi.dll
    NETAPI32.dll
    ncsi.dll
    WINHTTP.dll
    SHLWAPI.dll
    WTSAPI32.dll
    bcrypt.dll
    CFGMGR32.dll
    setupapi.DLL
    OLEAUT32.dll
    comctl32.dll
    CRYPT32.dll
    MSASN1.dll
    USERENV.dll
    credssp.dll
    schannel.dll
    ssdpapi.dll
    WINSTA.dll
    wshtcpip.dll

    Image Name: svchost.exe
    PID: 1040
    Modules: ntdll.dll
    kernel32.dll
    msvcrt.dll
    ADVAPI32.dll
    RPCRT4.dll
    NTMARTA.DLL
    USER32.dll
    GDI32.dll
    WLDAP32.dll
    WS2_32.dll
    NSI.dll
    PSAPI.DLL
    SAMLIB.dll
    ole32.dll
    IMM32.DLL
    MSCTF.dll
    LPK.DLL
    USP10.dll
    nsisvc.dll
    secur32.dll
    CRYPT32.dll
    MSASN1.dll
    USERENV.dll
    credssp.dll
    schannel.dll
    NETAPI32.dll
    wkssvc.dll
    IPHLPAPI.DLL
    dhcpcsvc.DLL
    DNSAPI.dll
    WINNSI.DLL
    dhcpcsvc6.DLL
    NTDSAPI.dll
    WINBRAND.dll
    netprofm.dll
    OLEAUT32.dll
    GPAPI.dll
    slc.dll
    nlaapi.dll
    rsaenh.dll
    CLBCatQ.DLL
    npmproxy.dll
    WINTRUST.dll
    imagehlp.dll

    Image Name: svchost.exe
    PID: 1204
    Modules: ntdll.dll
    kernel32.dll
    msvcrt.dll
    ADVAPI32.dll
    RPCRT4.dll
    bfe.dll
    AUTHZ.dll
    Secur32.dll
    USER32.dll
    GDI32.dll
    IMM32.DLL
    MSCTF.dll
    LPK.DLL
    USP10.dll
    mpssvc.dll
    FirewallAPI.dll
    OLEAUT32.dll
    ole32.dll
    VERSION.dll
    nlaapi.dll
    IPHLPAPI.DLL
    dhcpcsvc.DLL
    DNSAPI.dll
    WS2_32.dll
    NSI.dll
    WINNSI.DLL
    dhcpcsvc6.DLL
    CRYPT32.dll
    MSASN1.dll
    USERENV.dll
    bcrypt.dll
    WTSAPI32.dll
    SHLWAPI.dll
    fwpuclnt.dll
    comctl32.dll
    credssp.dll
    schannel.dll
    NETAPI32.dll
    PSAPI.DLL
    GPAPI.dll
    slc.dll
    wfapigp.dll
    ntmarta.dll
    WLDAP32.dll
    SAMLIB.dll
    CLBCatQ.DLL
    rsaenh.dll
    npmproxy.dll
    mswsock.dll
    wshtcpip.dll
    wship6.dll


    ~~~~~SVCHOST service~~~~~

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GPSvcGroup]
    "AuthenticationCapabilities"=dword:00003020
    "CoInitializeSecurityParam"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
    "AuthenticationCapabilities"=dword:00002000
    "CoInitializeSecurityParam"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
    "CoInitializeSecurityParam"=dword:00000001
    "AuthenticationCapabilities"=dword:00002000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
    "DefaultRpcStackSize"=dword:00000040

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
    "CoInitializeSecurityParam"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
    "AuthenticationCapabilities"=dword:00003020
    "CoInitializeSecurityParam"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
    "CoInitializeSecurityParam"=dword:00000001
    "DefaultRpcStackSize"=dword:0000001c

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
    "CoInitializeSecurityParam"=dword:00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
    "CoInitializeSecurityParam"=dword:00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
    "CoInitializeSecurityParam"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
    "CoInitializeSecurityParam"=dword:00000001
    "CoInitializeSecurityAppID"="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
    "AuthenticationCapabilities"=dword:00003020
    "CoInitializeSecurityParam"=dword:00000001



    ~~~~~SVCHOST MD5~~~~~

    3794B461C45882E06856F282EEF025AF C:\Windows\system32\svchost.exe


    ~~~~~END OF FILE!~~~~~
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

  5. tstadt

    tstadt Newcomer, in training Topic Starter Posts: 37

    First I am not 100% sure that I have the right installation CD or if the CD has SP2. I inserted the CD. The folder came up. I clicked on AUTORCD. I got the same specific procedure could not be found error that I get whenever I try to run Tuneup Utilities or Malwarebytes, etc. I did all of this in Normal Mode since the instructions indicated that you could not perform the repair from Safe Mode.
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

  7. tstadt

    tstadt Newcomer, in training Topic Starter Posts: 37

    In Normal Mode the System Update Readiness tool downloaded but did not run. Again received the procedure not found error. I will try running it in Safe Mode.
  8. tstadt

    tstadt Newcomer, in training Topic Starter Posts: 37

    Tried it from Safe Mode and received an error that it cannot be run in Safe Mode.
    Ran the ESET Services Repair tool and noticed no change.
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Verifier:
    in an elevated (run as admin) CMD prompt:
    VERIFIER /FLAGS 1 /ALL
    <reboot>

    Please upload any minidumps from subsequent crashes for analysis.
    Afterwards, when this is all over, go back to default settings by running:
    VERIFIER /RESET
  10. tstadt

    tstadt Newcomer, in training Topic Starter Posts: 37

    If I run that in Normal Mode I again get a procedure not found. Should I bother to run that in Safe Mode?
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    There are some serious corruption issues in your operating system. I highly recommend wiping clean and reinstalling. I try my best to not recommend that, but this is serious. :eek: