Resolved Malware nightmare

After downloading in Normal Mode I tried to run as administrator since I'm running Vista. It came back as program not found. When I just double clicked the icon the box did come up, I completed as explained and hit run. I receive a Run-time error '75': Path/File access error. I then booted into Safe Mode and ran the program. Here is the log info: (file also attached)
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 03/01/2013 11:12:16 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/01/2013 4:09:39 AM
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 04/01/2013 4:07:42 AM
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 04/01/2013 3:51:00 AM
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 02/01/2013 9:19:44 PM
Type: Error Category: 0
Event: 1017 Source: Microsoft-Windows-Perflib
Disabled performance counter data collection from the "PolicyAgent" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Log: 'Application' Date/Time: 02/01/2013 9:19:44 PM
Type: Error Category: 0
Event: 1005 Source: Microsoft-Windows-Perflib
Unable to locate the open procedure "OpenIPSecPerformanceData" in DLL "C:\Windows\System32\ipsecsvc.dll" for the "PolicyAgent" service. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Log: 'Application' Date/Time: 02/01/2013 9:19:44 PM
Type: Error Category: 0
Event: 1010 Source: Microsoft-Windows-Perflib
The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Log: 'Application' Date/Time: 02/01/2013 9:01:49 PM
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 02/01/2013 8:59:50 PM
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 02/01/2013 8:57:48 PM
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 02/01/2013 8:55:55 PM
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 02/01/2013 8:53:39 PM
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 02/01/2013 8:51:39 PM
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 02/01/2013 8:40:10 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application DefaultTabSearch.exe, version 0.0.0.0, time stamp 0x509b4379, faulting module DefaultTabSearch.exe, version 0.0.0.0, time stamp 0x509b4379, exception code 0xc0000005, fault offset 0x00002c90, process id 0x184, application start time 0x01cde9295a9c466f.

Log: 'Application' Date/Time: 02/01/2013 7:43:34 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application jZip.exe, version 1.3.0.0, time stamp 0x4decb266, faulting module jZip.exe, version 1.3.0.0, time stamp 0x4decb266, exception code 0xc0000005, fault offset 0x000168cc, process id 0x1374, application start time 0x01cde920e62845ca.

Log: 'Application' Date/Time: 02/01/2013 2:50:15 PM
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 02/01/2013 2:47:43 PM
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 02/01/2013 5:42:42 AM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x8000ffff).

Log: 'Application' Date/Time: 02/01/2013 5:42:42 AM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d.

Operation:
Instantiating VSS server

Log: 'Application' Date/Time: 02/01/2013 5:42:42 AM
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x8007041d]

Operation:
Instantiating VSS server

Log: 'Application' Date/Time: 02/01/2013 5:42:37 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application vssvc.exe, version 6.0.6002.18005, time stamp 0x49e01f2c, faulting module credui.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000135, fault offset 0x00009f5d, process id 0xb3c, application start time 0x01cde8abf8bb339c.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/01/2013 4:09:28 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 04/01/2013 4:08:01 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 04/01/2013 4:08:00 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 04/01/2013 4:07:32 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 04/01/2013 3:51:22 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 04/01/2013 3:51:20 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 04/01/2013 3:50:50 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 02/01/2013 10:15:42 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 02/01/2013 10:15:41 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 02/01/2013 9:01:38 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 02/01/2013 9:00:05 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 02/01/2013 9:00:04 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 02/01/2013 8:59:40 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 02/01/2013 8:58:10 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 02/01/2013 8:58:09 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 02/01/2013 8:57:38 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 02/01/2013 8:56:12 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 02/01/2013 8:56:11 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 02/01/2013 8:55:45 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 02/01/2013 8:54:18 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/12/2012 3:28:25 AM
Type: Critical Category: 0
Event: 41 Source: Microsoft-Windows-Kernel-Power
The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/01/2013 4:10:02 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi spldr Wanarpv6

Log: 'System' Date/Time: 04/01/2013 4:10:02 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 04/01/2013 4:09:42 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

Log: 'System' Date/Time: 04/01/2013 4:09:39 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 04/01/2013 4:09:29 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 04/01/2013 4:07:42 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 04/01/2013 4:07:34 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 04/01/2013 4:05:40 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 04/01/2013 4:02:24 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The specified module could not be found.

Log: 'System' Date/Time: 04/01/2013 4:02:24 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Telephony service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 04/01/2013 4:02:24 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The specified module could not be found.

Log: 'System' Date/Time: 04/01/2013 4:02:24 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Telephony service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 04/01/2013 4:02:24 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The specified module could not be found.

Log: 'System' Date/Time: 04/01/2013 4:02:24 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Telephony service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 04/01/2013 4:02:23 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The specified module could not be found.

Log: 'System' Date/Time: 04/01/2013 4:02:23 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Telephony service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 04/01/2013 4:02:23 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Telephony service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 04/01/2013 4:02:23 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The specified module could not be found.

Log: 'System' Date/Time: 04/01/2013 4:02:23 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The specified module could not be found.

Log: 'System' Date/Time: 04/01/2013 4:02:23 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Telephony service terminated with the following error: The specified module could not be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/01/2013 4:08:40 AM
Type: Warning Category: 0
Event: 4 Source: bcm4sbxp
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 04/01/2013 4:08:02 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 04/01/2013 4:06:27 AM
Type: Warning Category: 0
Event: 4 Source: bcm4sbxp
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 04/01/2013 4:05:46 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 04/01/2013 3:51:23 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 04/01/2013 3:49:41 AM
Type: Warning Category: 0
Event: 4 Source: bcm4sbxp
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 04/01/2013 3:30:16 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 04/01/2013 3:29:05 AM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the Google Update Service (gupdate) service. The Service Control Manager launched process 5032 and process 5788 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.

Log: 'System' Date/Time: 04/01/2013 3:28:53 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00197EA035B3. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 04/01/2013 3:28:50 AM
Type: Warning Category: 0
Event: 36 Source: Microsoft-Windows-Time-Service
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

Log: 'System' Date/Time: 04/01/2013 3:28:46 AM
Type: Warning Category: 0
Event: 4 Source: bcm4sbxp
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 02/01/2013 10:15:43 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 02/01/2013 9:00:44 PM
Type: Warning Category: 0
Event: 4 Source: bcm4sbxp
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 02/01/2013 9:00:06 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 02/01/2013 8:58:48 PM
Type: Warning Category: 0
Event: 4 Source: bcm4sbxp
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 02/01/2013 8:58:11 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 02/01/2013 8:56:51 PM
Type: Warning Category: 0
Event: 4 Source: bcm4sbxp
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 02/01/2013 8:56:13 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 02/01/2013 8:54:56 PM
Type: Warning Category: 0
Event: 4 Source: bcm4sbxp
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 02/01/2013 8:54:19 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
 

SVCHOST Diag



~~~~~Services loaded under SVCHOST~~~~~


Image Name: svchost.exe
PID: 780
Services: DcomLaunch
PlugPlay

Image Name: svchost.exe
PID: 836
Services: RpcSs

Image Name: svchost.exe
PID: 924
Services: Dhcp
Eventlog
lmhosts

Image Name: svchost.exe
PID: 948
Services: EapHost
ProfSvc
Winmgmt

Image Name: svchost.exe
PID: 988
Services: Netman
Wlansvc
wudfsvc

Image Name: svchost.exe
PID: 1024
Services: Dnscache
NlaSvc

Image Name: svchost.exe
PID: 1040
Services: LanmanWorkstation
netprofm
nsi

Image Name: svchost.exe
PID: 1204
Services: BFE
MpsSvc


~~~~~Modules loaded under SVCHOST~~~~~


Image Name: svchost.exe
PID: 780
Modules: ntdll.dll
kernel32.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
umpnpmgr.dll
USER32.dll
GDI32.dll
USERENV.dll
Secur32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
POWRPROF.dll
GPAPI.dll
slc.dll
rpcss.dll
WS2_32.dll
NSI.dll
FirewallAPI.dll
OLEAUT32.dll
ole32.dll
VERSION.dll
CRYPT32.dll
MSASN1.dll
credssp.dll
schannel.dll
NETAPI32.dll
PSAPI.DLL
SETUPAPI.dll
CLBCatQ.DLL
Cabinet.dll
NTMARTA.DLL
WLDAP32.dll
SAMLIB.dll
WINSTA.dll
WTSAPI32.dll

Image Name: svchost.exe
PID: 836
Modules: ntdll.dll
kernel32.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
rpcss.dll
WS2_32.dll
NSI.dll
Secur32.dll
FirewallAPI.dll
USER32.dll
GDI32.dll
OLEAUT32.dll
ole32.dll
VERSION.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
CRYPT32.dll
MSASN1.dll
USERENV.dll
credssp.dll
schannel.dll
NETAPI32.dll
PSAPI.DLL
rsaenh.dll
mswsock.dll
wshtcpip.dll
wship6.dll
CLBCatQ.DLL
fwpuclnt.dll

Image Name: svchost.exe
PID: 924
Modules: ntdll.dll
kernel32.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
wevtsvc.dll
USERENV.dll
Secur32.dll
USER32.dll
GDI32.dll
VERSION.dll
GPAPI.dll
slc.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
CRYPT32.dll
MSASN1.dll
credssp.dll
schannel.dll
NETAPI32.dll
PSAPI.DLL
WS2_32.dll
NSI.dll
mswsock.dll
wshtcpip.dll
wship6.dll
lmhsvc.dll
IPHLPAPI.DLL
dhcpcsvc.DLL
DNSAPI.dll
WINNSI.DLL
dhcpcsvc6.DLL

Image Name: svchost.exe
PID: 948
Modules: ntdll.dll
kernel32.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
NTMARTA.DLL
USER32.dll
GDI32.dll
WLDAP32.dll
WS2_32.dll
NSI.dll
PSAPI.DLL
SAMLIB.dll
ole32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
profsvc.dll
SYSNTFY.dll
USERENV.dll
Secur32.dll
nlaapi.dll
IPHLPAPI.DLL
dhcpcsvc.DLL
DNSAPI.dll
WINNSI.DLL
dhcpcsvc6.DLL
ATL.DLL
eapsvc.dll
eapphost.dll
OLEAUT32.dll
rsaenh.dll
CLBCatQ.DLL
umb.dll
SETUPAPI.dll
WINTRUST.dll
CRYPT32.dll
MSASN1.dll
imagehlp.dll
wmisvc.dll
wbemcomn.dll
VSSAPI.DLL
vsstrace.dll
AUTHZ.dll
XmlLite.dll
NETAPI32.dll
MPR.dll
wbemcore.dll
esscli.dll
FastProx.dll
NTDSAPI.dll
wbemsvc.dll
wmiutils.dll
repdrvfs.dll
wmiprvsd.dll
NCObjAPI.DLL
wbemess.dll
ncprov.dll

Image Name: svchost.exe
PID: 988
Modules: ntdll.dll
kernel32.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
NTMARTA.DLL
USER32.dll
GDI32.dll
WLDAP32.dll
WS2_32.dll
NSI.dll
PSAPI.DLL
SAMLIB.dll
ole32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
wudfsvc.dll
SETUPAPI.dll
OLEAUT32.dll
WUDFPlatform.dll
VERSION.dll
WINTRUST.dll
CRYPT32.dll
MSASN1.dll
USERENV.dll
Secur32.dll
imagehlp.dll
wlansvc.dll
WTSAPI32.dll
NETAPI32.dll
SHELL32.dll
SHLWAPI.dll
WLANMSM.DLL
WLANSEC.dll
OneX.DLL
eappprxy.dll
eappcfg.dll
gdiplus.dll
DUser.dll
UxTheme.dll
OLEACC.dll
AUTHZ.dll
dhcpcsvc.DLL
DNSAPI.dll
WINNSI.DLL
wlgpclnt.dll
l2gpstore.dll
wlanutil.dll
SYSNTFY.dll
WinSCard.dll
WINSTA.dll
IPHLPAPI.DLL
dhcpcsvc6.DLL
bcrypt.dll
comctl32.dll
CLBCatQ.DLL
msxml6.dll
rsaenh.dll
credssp.dll
schannel.dll
kerberos.dll
cryptdll.dll
netman.dll
RASAPI32.dll
rasman.dll
TAPI32.dll
rtutils.dll
WINMM.dll
netcfgx.dll
slc.dll
Cabinet.dll
netshell.dll
nlaapi.dll
hnetcfg.dll
ATL.DLL
GPAPI.dll
WINHTTP.dll
mswsock.dll
wshtcpip.dll
wbemprox.dll
wbemcomn.dll
wbemsvc.dll
fastprox.dll
NTDSAPI.dll

Image Name: svchost.exe
PID: 1024
Modules: ntdll.dll
kernel32.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
NTMARTA.DLL
USER32.dll
GDI32.dll
WLDAP32.dll
WS2_32.dll
NSI.dll
PSAPI.DLL
SAMLIB.dll
ole32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
dnsrslvr.dll
DNSAPI.dll
dhcpcsvc.DLL
Secur32.dll
WINNSI.DLL
dhcpcsvc6.DLL
IPHLPAPI.DLL
mswsock.dll
wship6.dll
nlasvc.dll
wevtapi.dll
NETAPI32.dll
ncsi.dll
WINHTTP.dll
SHLWAPI.dll
WTSAPI32.dll
bcrypt.dll
CFGMGR32.dll
setupapi.DLL
OLEAUT32.dll
comctl32.dll
CRYPT32.dll
MSASN1.dll
USERENV.dll
credssp.dll
schannel.dll
ssdpapi.dll
WINSTA.dll
wshtcpip.dll

Image Name: svchost.exe
PID: 1040
Modules: ntdll.dll
kernel32.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
NTMARTA.DLL
USER32.dll
GDI32.dll
WLDAP32.dll
WS2_32.dll
NSI.dll
PSAPI.DLL
SAMLIB.dll
ole32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
nsisvc.dll
secur32.dll
CRYPT32.dll
MSASN1.dll
USERENV.dll
credssp.dll
schannel.dll
NETAPI32.dll
wkssvc.dll
IPHLPAPI.DLL
dhcpcsvc.DLL
DNSAPI.dll
WINNSI.DLL
dhcpcsvc6.DLL
NTDSAPI.dll
WINBRAND.dll
netprofm.dll
OLEAUT32.dll
GPAPI.dll
slc.dll
nlaapi.dll
rsaenh.dll
CLBCatQ.DLL
npmproxy.dll
WINTRUST.dll
imagehlp.dll

Image Name: svchost.exe
PID: 1204
Modules: ntdll.dll
kernel32.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
bfe.dll
AUTHZ.dll
Secur32.dll
USER32.dll
GDI32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
mpssvc.dll
FirewallAPI.dll
OLEAUT32.dll
ole32.dll
VERSION.dll
nlaapi.dll
IPHLPAPI.DLL
dhcpcsvc.DLL
DNSAPI.dll
WS2_32.dll
NSI.dll
WINNSI.DLL
dhcpcsvc6.DLL
CRYPT32.dll
MSASN1.dll
USERENV.dll
bcrypt.dll
WTSAPI32.dll
SHLWAPI.dll
fwpuclnt.dll
comctl32.dll
credssp.dll
schannel.dll
NETAPI32.dll
PSAPI.DLL
GPAPI.dll
slc.dll
wfapigp.dll
ntmarta.dll
WLDAP32.dll
SAMLIB.dll
CLBCatQ.DLL
rsaenh.dll
npmproxy.dll
mswsock.dll
wshtcpip.dll
wship6.dll


~~~~~SVCHOST service~~~~~

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,\
63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,00,6f,00,6e,00,48,00,6f,\
00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,64,00,69,00,74,00,00,00,\
68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,00,70,00,6c,00,6f,00,61,\
00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,6c,00,70,00,73,00,76,00,\
63,00,00,00,73,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,41,00,70,\
00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,69,00,73,00,63,00,73,00,\
69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,50,00,72,00,6f,00,66,00,53,\
00,76,00,63,00,00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,77,00,\
69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,73,00,63,00,68,00,65,00,64,00,75,\
00,6c,00,65,00,00,00,53,00,65,00,73,00,73,00,69,00,6f,00,6e,00,45,00,6e,00,\
76,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,68,00,6b,00,6d,\
00,73,00,76,00,63,00,00,00,00,00
"swprv"=hex(7):73,00,77,00,70,00,72,00,76,00,00,00,00,00
"LocalServiceNetworkRestricted"=hex(7):44,00,48,00,43,00,50,00,00,00,65,00,76,\
00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,41,00,75,00,64,00,69,00,6f,00,\
53,00,72,00,76,00,00,00,4c,00,6d,00,48,00,6f,00,73,00,74,00,73,00,00,00,77,\
00,73,00,63,00,73,00,76,00,63,00,00,00,70,00,32,00,70,00,69,00,6d,00,73,00,\
76,00,63,00,00,00,50,00,4e,00,52,00,50,00,53,00,76,00,63,00,00,00,70,00,32,\
00,70,00,73,00,76,00,63,00,00,00,57,00,50,00,43,00,53,00,76,00,63,00,00,00,\
50,00,6e,00,72,00,70,00,41,00,75,00,74,00,6f,00,52,00,65,00,67,00,00,00,00,\
00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"regsvc"=hex(7):52,00,65,00,6d,00,6f,00,74,00,65,00,52,00,65,00,67,00,69,00,73,\
00,74,00,72,00,79,00,00,00,00,00
"wcssvc"=hex(7):57,00,63,00,73,00,50,00,6c,00,75,00,67,00,49,00,6e,00,53,00,65,\
00,72,00,76,00,69,00,63,00,65,00,00,00,00,00
"DcomLaunch"=hex(7):50,00,6c,00,75,00,67,00,50,00,6c,00,61,00,79,00,00,00,44,\
00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,68,00,00,00,00,00
"wdisvc"=hex(7):57,00,64,00,69,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,48,\
00,6f,00,73,00,74,00,00,00,00,00
"sdrsvc"=hex(7):73,00,64,00,72,00,73,00,76,00,63,00,00,00,00,00
"imgsvc"=hex(7):53,00,74,00,69,00,53,00,76,00,63,00,00,00,00,00
"secsvcs"=hex(7):57,00,69,00,6e,00,44,00,65,00,66,00,65,00,6e,00,64,00,00,00,\
00,00
"HPZ12"=hex(7):50,00,6d,00,6c,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,20,\
00,48,00,50,00,5a,00,31,00,32,00,00,00,4e,00,65,00,74,00,20,00,44,00,72,00,\
69,00,76,00,65,00,72,00,20,00,48,00,50,00,5a,00,31,00,32,00,00,00,00,00
"hpdevmgmt"=hex(7):68,00,70,00,71,00,63,00,78,00,73,00,30,00,38,00,00,00,68,00,\
70,00,71,00,64,00,64,00,73,00,76,00,63,00,00,00,00,00
"GPSvcGroup"=hex(7):47,00,50,00,53,00,76,00,63,00,00,00,00,00
"LocalServiceAndNoImpersonation"=hex(7):46,00,6f,00,6e,00,74,00,43,00,61,00,63,\
00,68,00,65,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GPSvcGroup]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
"AuthenticationCapabilities"=dword:00002000
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00002000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
"DefaultRpcStackSize"=dword:00000040

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:0000001c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
"CoInitializeSecurityParam"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
"CoInitializeSecurityParam"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
"CoInitializeSecurityParam"=dword:00000001
"CoInitializeSecurityAppID"="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001



~~~~~SVCHOST MD5~~~~~

3794B461C45882E06856F282EEF025AF C:\Windows\system32\svchost.exe


~~~~~END OF FILE!~~~~~
 
First, I am not 100% sure that I have the right installation CD or if the CD has SP2. I inserted the CD. The folder came up. I clicked on AUTORCD. I got the same specific procedure could not be found error that I get whenever I try to run Tuneup Utilities or Malwarebytes, etc. I did all of this in Normal Mode since the instructions indicated that you could not perform the repair from Safe Mode.
 
In Normal Mode the System Update Readiness tool downloaded but did not run. Again received the procedure not found error. I will try running it in Safe Mode.
 
Tried it from Safe Mode and received error that it cannot be run in Safe Mode.
Ran the ESET Services Repair tool and noticed no change.
 
Verifier:
in an elevated (run as admin) CMD prompt:
VERIFIER /FLAGS 1 /ALL
<reboot>

Please upload any minidumps from subsequent crashes for analysis.
Afterwards, when this is all over, go back to default settings by running:
VERIFIER /RESET
 
If I run that in Normal Mode I again get a procedure not found. Should I bother to run that in Safe Mode?
 
There are some serious corruption issues in your operating system. I highly recommend wiping clean and reinstalling. I try my best to not recommend that, but this is serious. :eek:
 