#1
Error: loader couldn't initialize service.
XP Home sp2 Build2600.

At startup I get this error message: Error: loader couldn't initial service. Dr Watson is not logging anything and there is no entry in Event Viewer. System appears stable, haven't found any non-responsive programs (yet). I have screen shots saved of the Event Viewer but not sure if I can even post them here. Can I? I enabled boot logging but was unable to locate the log file. Think that would help?

Also, in Windows help, Dr Watson is said to need certain tools from the XP Home CD. These are supposed to be in: Support\Debug\i386. Well, the disk does not have that address. I see them at: Support\Tools and the read me says to load this as a program. I'm confused about this. Please help. Thanx.
#2
No need for screen shots from the Event Viewer. Click the Copy button and paste into Notepad or a message.... Event ID & the Event Source are very important.

To open the Event Viewer...
Start | Run | Type: eventvwr | OK

For any Events that seem related to the problem...
Double click the event in Event Viewer | Click: the button below the second arrow (looks like two pages) [[Copies the details of the event to the Clipboard.]] | Paste into Notepad | Click: For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Read all info | Copy and paste to Notepad | Click the [+] Related Knowledge Base articles | Follow any links that might be useful

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/default...b;en-us;308427

-----

The bootlog is called Ntbtlog.txt.
Located here
%systemroot%\Ntbtlog.txt
or
C:\WINDOWS\Ntbtlog.txt

To open Ntbtlog.txt...
Start | Run | Paste this in the box:
%systemroot%\Ntbtlog.txt
Click OK.

-----

You don't really need to access Dr. Watson...
Dr. Watson also records an entry in the Event Viewer Application Log containing the program name, date, time, exception number, exception name, program counter, and function name at the current program counter, as well as the complete diagnostic information that was logged for that error.

-----

You can chase your tail for a long time with Dr. Watson.

Dr. Watson overview
http://www.microsoft.com/resources/d..._overview.mspx

Setting up Dr. Watson
http://www.microsoft.com/resources/d...son_setup.mspx

Working with Dr. Watson
http://www.microsoft.com/resources/d...n_options.mspx

Using Dr. Watson
http://www.microsoft.com/resources/d...dr_watson.mspx

Using the Dr. Watson log file
http://www.microsoft.com/resources/d...n_logfile.mspx

How to Install Symbols for Dr. Watson Error Debugging
http://support.microsoft.com/default...b;en-us;141465

HOWTO: Use Rebase to Extract Symbols for DrWtSn32.exe
http://support.microsoft.com/default...b;en-us;258205

As near as I can tell, Dr Watson is virtually worthless without the symbols.

Download Windows Symbol Packages
http://www.microsoft.com/whdc/ddk/de...bol%20packages

Dr. Watson Fails to Appear Because of Long File Names in Path
http://support.microsoft.com/kb/q175644/

Dr. Watson Does Not Run with Certain Extensible Counters
http://support.microsoft.com/kb/q234860/

Dr. Watson Causing Fault in USER32
http://support.microsoft.com/kb/q175875/

Random Dr. Watson Errors in Services.exe
http://support.microsoft.com/kb/q219602/

Error 87 and Dr. Watson
http://support.microsoft.com/kb/q162623/

Interpreting DrWtsn32.log File to Identify Program Crash Data
http://support.microsoft.com/kb/q246084/

Dr. Watson Log File May Not Contain Task List
http://support.microsoft.com/default...b;en-us;214791

Specifying the Debugger for Unhandled User Mode Exceptions
http://support.microsoft.com/kb/q121434/

--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
#3
Ok, yea, lots of good info here, thanx. Here is the only error showing in the event viewer:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 2/18/2005
Time: 9:33:15 PM
User: N/A
Computer: GAMER-NGHUI03WC
Description: The ZESOFT service failed to start due to the following error: The system cannot find the file specified.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The link here was very general. I have no idea what ZESOFT is. Am going to look for it as soon as I'm done here. Thanx.
Scott.
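An added example, not part of the original posts: a Python parser for the text that the Event Viewer Copy button produces, which pulls out the Event ID and Event Source and, for Service Control Manager event 7000, the service name and the failure reason. The function names are this example's own, and the sample record is the one posted above, run together on one line the way a forum paste often ends up.

```python
import re

# Field labels in the order they appear in the records posted in this thread.
FIELDS = ["Event Type", "Event Source", "Event Category", "Event ID",
          "Date", "Time", "User", "Computer", "Description"]

# Help-link sentence that Event Viewer appends to every copied record.
FOOTER = re.compile(r"\s*For more information, see Help and Support Center at \S+\s*$")

# Wording of the event 7000 description as shown in the post.
SCM_7000 = re.compile(r"The (?P<service>.+?) service failed to start due to the "
                      r"following error:\s*(?P<reason>.+)")

# The record from the thread, flattened onto one line.
SAMPLE = ("Event Type: Error Event Source: Service Control Manager "
          "Event Category: None Event ID: 7000 Date: 2/18/2005 Time: 9:33:15 PM "
          "User: N/A Computer: GAMER-NGHUI03WC Description: The ZESOFT service "
          "failed to start due to the following error: The system cannot find the "
          "file specified. For more information, see Help and Support Center at "
          "http://go.microsoft.com/fwlink/events.asp.")


def parse_event(text):
    """Return the record as a dict. Works whether each label is on its own
    line or the whole record has been run together on one line."""
    hits, pos = [], 0
    for name in FIELDS:
        # Search forward only, so a label word inside an earlier value
        # cannot be mistaken for the next field.
        m = re.search(re.escape(name) + ":", text[pos:])
        if m:
            hits.append((name, pos + m.start(), pos + m.end()))
            pos += m.end()
    event = {}
    for i, (name, _start, end) in enumerate(hits):
        stop = hits[i + 1][1] if i + 1 < len(hits) else len(text)
        event[name] = " ".join(text[end:stop].split())  # collapse whitespace
    if "Description" in event:
        event["Description"] = FOOTER.sub("", event["Description"])
    return event


def triage(event):
    """For SCM event 7000, return the service name and reason; else None."""
    if (event.get("Event Source") != "Service Control Manager"
            or event.get("Event ID") != "7000"):
        return None
    m = SCM_7000.match(event.get("Description", ""))
    if not m:
        return None
    reason = m.group("reason")
    return {
        "service": m.group("service"),
        "reason": reason,
        # The service is still registered, but the file it points to is gone.
        # The path is stored in the ImagePath value under
        # HKLM\SYSTEM\CurrentControlSet\Services\<key>; the name in the event
        # may be the display name rather than the key name.
        "missing_binary": "cannot find the file specified" in reason,
    }


if __name__ == "__main__":
    ev = parse_event(SAMPLE)
    print(ev["Event Source"], ev["Event ID"])
    print(triage(ev))
```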
#4
Looks like you have SCUMWARE. Bargain Buddy.
http://castlecops.com/postp443854.html

Adware.P2PNetworking
http://labs.paretologic.com/spyware.....P2PNetworking

Bargain Buddy Removal Instructions
http://www.scanspyware.net/info/BargainBuddy.htm

--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
#5
Wesley, I ran Microsoft AntiSpyware and found 6 instances of spy/adware including BargainBuddy and Comet. Still got the same error! I then ran the on-line XoftSpy and it found some 123 more instances of the same plus some so I bought the software and ran it with all the updates and found 253 entries of spy/adware! Spanked Microsoft AntiSpyware!!! Still, have same error.

I deleted the current bootlog and cleared all event viewer entries then rebooted with boot logging enabled. Here is the result:

Service Pack 2 2 19 2005 09:52:07.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver a347bus.sys
Loaded driver ACPI.sys
Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver viaide.sys
Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver a347scsi.sys
Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS
Loaded driver disk.sys
Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver viaagp.sys
Loaded driver Mup.sys
Loaded driver \SystemRoot\System32\DRIVERS\processr.sys
Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys
Loaded driver \SystemRoot\system32\drivers\TBirdHD.sys
Loaded driver \SystemRoot\system32\DRIVERS\TBhdgame.sys
Loaded driver \SystemRoot\system32\DRIVERS\SMC1211.SYS
Loaded driver \SystemRoot\System32\DRIVERS\parport.sys
Loaded driver \SystemRoot\System32\DRIVERS\serial.sys
Loaded driver \SystemRoot\System32\DRIVERS\serenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys
Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\System32\DRIVERS\psched.sys
Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\update.sys
Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\System32\Drivers\gt680x.sys
Loaded driver \SystemRoot\System32\Drivers\MpFirewall.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\mdc8021x.sys
Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \??\C:\WINDOWS\system32\SVKP.sys
Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipfltdrv.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\DRIVERS\NaiFiltr.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys

I checked the event viewer and found that the applications tab showed only 'information', all blue !'s. Same with System. The Security tab, however, showed 1 lock symbol with the note 'Audit Failed'. Here's the clip from that:

Event Type: Failure Audit
Event Source: Security
Event Category: Policy Change
Event ID: 615
Date: 2/19/2005
Time: 9:53:21 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer: GAMER-NGHUI03WC
Description: IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The link here is no good, says something about no page listed, check the address to make sure you typed it correctly and gives links to Microsoft security center. By the way, I did 'repair' my network connection just prior to this last boot. I'm ready to SCREAM! Well, hope this info helps you/me. Thanx again.
Scott.
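An added example, not part of the original posts: a Python triage of an Ntbtlog.txt like the one posted above, grouping drivers by outcome so the entries that need a manual look stand out from the rest. The function names and the three buckets are this example's own, and the sample is a short excerpt of the posted log; flagging `\??\` paths is a review heuristic assumed here, not a verdict on the driver.

```python
import re
from collections import OrderedDict

# The two kinds of driver line that appear in the posted boot log.
ENTRY = re.compile(r"^(Loaded driver|Did not load driver)\s+(.+?)\s*$")

# Excerpt of the boot log posted in this thread (lines copied from the post).
SAMPLE_LOG = r"""Service Pack 2 2 19 2005 09:52:07.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver a347bus.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \??\C:\WINDOWS\system32\SVKP.sys
Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
"""


def read_bootlog(path):
    """Read the log file, decoding UTF-16 when a byte-order mark is present
    and falling back to a single-byte decoding otherwise."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("latin-1")


def parse_entries(text):
    """Return [(loaded, path), ...] in file order; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append((m.group(1) == "Loaded driver", m.group(2)))
    return entries


def summarize(text):
    """Group drivers by outcome, keyed on the lower-cased file name so that
    Drivers\\X.SYS and DRIVERS\\x.sys count as the same driver."""
    outcomes = OrderedDict()  # file name -> set of outcomes seen
    absolute = []             # paths registered in \??\ form
    for loaded, path in parse_entries(text):
        name = path.rsplit("\\", 1)[-1].lower()
        outcomes.setdefault(name, set()).add(loaded)
        if path.startswith("\\??\\") and path not in absolute:
            absolute.append(path)
    return {
        # Every line for the driver says "Loaded driver".
        "loaded": [n for n, s in outcomes.items() if s == {True}],
        # Only "Did not load driver" lines exist for the driver.
        "never_loaded": [n for n, s in outcomes.items() if s == {False}],
        # The log records both outcomes for the same file.
        "both_outcomes": [n for n, s in outcomes.items() if s == {True, False}],
        # Assumed heuristic: look these up first, since the path is absolute
        # rather than relative to \SystemRoot.
        "absolute_path": absolute,
    }


if __name__ == "__main__":
    for bucket, items in summarize(SAMPLE_LOG).items():
        print(bucket, items)
```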
#6
Scott,

Scroll down to Salado's reply here...
http://castlecops.com/postp443854.html

4) HijackThis
http://www.spywareinfo.com/~merijn/downloads.html

4a) HijackThis (direct download)
http://aumha.org/downloads/hijackthis.zip

HijackThis log tutorial
http://www.spywareinfo.com/~merijn/htlogtutorial.html

HijackThis Log Tutorial
http://www.aumha.org/a/hjttutor.htm

How to use HijackThis to remove Browser Hijackers & Spyware
http://www.bleepingcomputer.com/foru...ial=42#warning

===

ID: 615
Source: Security
http://tinyurl.com/5sam2

Event ID: 615
http://www.eventid.net/display.asp?e...ri ty&phase=1

--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
Watson Error Debugging http://support.microsoft.com/default...b;en-us;141465 HOWTO: Use Rebase to Extract Symbols for DrWtSn32.exe http://support.microsoft.com/default...b;en-us;258205 As near as I can tell, Dr Watson is virtually worthless without the symbols. Download Windows Symbol Packages http://www.microsoft.com/whdc/ddk/de...bol%20packages Dr. Watson Fails to Appear Because of Long File Names in Path http://support.microsoft.com/kb/q175644/ Dr. Watson Does Not Run with Certain Extensible Counters http://support.microsoft.com/kb/q234860/ Dr. Watson Causing Fault in USER32 http://support.microsoft.com/kb/q175875/ Random Dr. Watson Errors in Services.exe http://support.microsoft.com/kb/q219602/ Error 87 and Dr. Watson http://support.microsoft.com/kb/q162623/ Interpreting DrWtsn32.log File to Identify Program Crash Data http://support.microsoft.com/kb/q246084/ Dr. Watson Log File May Not Contain Task List http://support.microsoft.com/default...b;en-us;214791 Specifying the Debugger for Unhandled User Mode Exceptions http://support.microsoft.com/kb/q121434/ -- Hope this helps. Let us know. Wes MS-MVP Windows Shell/User In , Onemac hunted and pecked: XP Home sp2 Build2600. At startup I get this error message: Error: loader couldn't initial service. Dr Watson is not logging anything and there is no entry in Event Veiwer. System appears stable, haven't found any non-responsive programs (yet). I have screen shots saved of the Event Veiwer but not sure if I can even post them here. Can I? I enabled boot logging but was unable to locate the log file. Think that would help? Also, in Windows help, Dr watson is said to need certain tools from the XP Home CD . These are supposed to be in: Support\Debug\i386. Well, the disk does not have that address. I see them at: Support\Tools and the read me says to load this as a program. I'm confused about this. Please help. Thanx. |
#7
Error: loader couldn't initialize service.
Wes, I followed the instructions from Salado. Zesoft (zeta.exe), which had been in Services previously, was gone. Evidently XoftSpy was able to remove it. I had tried earlier and was unsuccessful. I had, however, disabled it previously with no satisfaction. I continued with all steps, downloaded HijackThis, and found only 3 instances of anything. All are gone now! Still am getting the same error. I thought of repairing Windows from the recovery console but Windows won't let me in. Sez the version I'm running is newer than the version on disk. Duh!, it's been updated! As for the failed audit. Well, seems that this thread refers to a server (2000, NT, XP Pro), sez nothing about XP Home. I did try to modify the registry as per Microsoft with NO SATISFACTION! What am I gonna do? Thanx again, I know this is all Gratis and I appreciate it.

Scott.
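Added example, not from any poster in this thread: a Python triage of an Ntbtlog.txt like the boot log posted earlier in the thread, which nobody read entry by entry. The function names are made up for the illustration, the short excerpt reuses a few lines of the posted log, and two points are assumptions: that the file on disk may be Unicode text with a byte-order mark, and that modules registered with a full `\??\` path deserve the first look (a sorting rule, not a verdict on any driver).

```python
import re
from collections import Counter

# One entry is a marker followed by a path. The path ends at the end of the
# line (real file) or at the next marker (log pasted into a forum post and
# flattened onto one line), so both layouts parse the same way.
ENTRY = re.compile(
    r"(Did not load driver|Loaded driver)[ \t]+(.+?)\s*"
    r"(?=Did not load driver|Loaded driver|[\r\n]|\Z)"
)

# Excerpt of the log posted in this thread, shortened for the example.
SAMPLE = r"""Service Pack 2 2 19 2005 09:52:07.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver ACPI.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \??\C:\WINDOWS\system32\SVKP.sys
Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
"""


def decode_log(raw: bytes) -> str:
    """Decode the bytes of Ntbtlog.txt. Assumption: a UTF-16 file starts
    with a byte-order mark; anything else is treated as an ANSI code page."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def parse_entries(text: str):
    """Return (loaded, path) tuples in log order; the header line is skipped."""
    return [(m.group(1) == "Loaded driver", m.group(2))
            for m in ENTRY.finditer(text)]


def module_name(path: str) -> str:
    """File name only, lower-cased, so NDProxy.SYS and ndproxy.sys compare equal."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(text: str) -> dict:
    """Group boot-log entries into the buckets worth reading first."""
    entries = parse_entries(text)
    loaded = [p for ok, p in entries if ok]
    refused = [p for ok, p in entries if not ok]
    loaded_names = Counter(module_name(p) for p in loaded)
    refused_names = {module_name(p) for p in refused}
    return {
        "loaded": len(loaded),
        "not_loaded": len(refused),
        # Registered but never started during this boot. Often benign
        # (hardware not present), yet it is the list to compare against
        # any "service failed to start" events.
        "never_loaded": sorted(refused_names - set(loaded_names)),
        # Started once, then a later load request was refused.
        "loaded_and_refused": sorted(refused_names & set(loaded_names)),
        # Registered with an absolute device path instead of \SystemRoot\...
        "device_path": [p for p in loaded if p.startswith("\\??\\")],
        # Logged as loaded more than once.
        "repeated": sorted(n for n, c in loaded_names.items() if c > 1),
    }


if __name__ == "__main__":
    # To read a real log instead of the excerpt:
    #   text = decode_log(open(r"C:\WINDOWS\Ntbtlog.txt", "rb").read())
    for bucket, value in triage(SAMPLE).items():
        print(f"{bucket}: {value}")
```
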
#8
Error: loader couldn't initialize service.
Just a thought. I have used a maintenance program for Win98 that rebuilt the registry. I wonder if it will work for XP? Here is the procedure:

11. When your computer restarts, hold down the "control" key after the "post" window. At the DOS menu choose (5) command prompt only. At the C:\ prompt type scanreg /fix (with the space between g and /). Hit "enter" and it will take off... When it tells you (hopefully :-) ) that "windows has fixed your registry", hit "enter". At the prompt, type win and hit enter to return to windows. Running this scanreg program compacts the registry after Reg Cleaner may have removed junk and left empty space as well as possibly doing some repairs...

I know that instead of the control key you use f5 or f8 to enter safe mode but do you think this will work for XP?
#9
Error: loader couldn't initialize service.
NO! Scanreg.exe and scanregw.exe are for Windows 98 & Millennium, not XP.
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User

In news Onemac hunted and pecked:
Just a thought. I have used a maintenance program for Win98 that rebuilt the registry. I wonder if it will work for XP? Here is the procedure:
11. When your computer restarts, hold down the "control" key after the "post" window. At the DOS menu choose (5) command prompt only. At the C:\ prompt type scanreg /fix (with the space between g and /). Hit "enter" and it will take off... When it tells you (hopefully :-) ) that "windows has fixed your registry", hit "enter". At the prompt, type win and hit enter to return to windows. Running this scanreg program compacts the registry after Reg Cleaner may have removed junk and left empty space as well as possibly doing some repairs...
I know that instead of the control key you use f5 or f8 to enter safe mode but do you think this will work for XP?

"Onemac" wrote:
Wes,
I followed the instructions from Salado. Zesoft (zeta.exe), which had been in Services previously, was gone. Evidently XoftSpy was able to remove it. I had tried earlier and was unsuccessful. I had, however, disabled it previously with no satisfaction. I continued with all steps, downloaded Hijackthis, and found only 3 instances of anything. All are gone now! Still am getting the same error. I thought of repairing windows from the recovery console but windows won't let me in. Sez the version I'm running is newer than the version on disk. Duh!, it's been updated!
As for the failed audit. Well, seems that this thread refers to a server (2000, NT, WP Pro), sez nothing about WP Home. I did try to modify the registry as per Microsoft with NO SATISFACTION! What am I gonna do?
Thanx again, I know this is all Gratis and I appreciate it. Scott.

"Wesley Vogel" wrote:
Scott,
Scroll down to Salado's reply here...
http://castlecops.com/postp443854.html

4) HijackThis
http://www.spywareinfo.com/~merijn/downloads.html
4a) HijackThis (direct download)
http://aumha.org/downloads/hijackthis.zip
HijackThis log tutorial
http://www.spywareinfo.com/~merijn/htlogtutorial.html
HijackThis Log Tutorial
http://www.aumha.org/a/hjttutor.htm
How to use HijackThis to remove Browser Hijackers & Spyware
http://www.bleepingcomputer.com/foru...ial=42#warning

===
ID: 615
Source: Security
http://tinyurl.com/5sam2
Event ID: 615
http://www.eventid.net/display.asp?e...ri ty&phase=1

--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User

In , Onemac hunted and pecked:
Wesley,
I ran Microsoft AntiSpyware and found 6 instances of spy/adware including BargainBuddy and Comet. Still got the same error! I then ran the on-line XoftSpy and it found some 123 more instances of the same plus some so I bought the software and ran it with all the updates and found 253 entries of spy/adware! Spanked Microsoft AntiSpyware!!! Still, have same error. I deleted the current bootlog and cleared all event viewer entries then rebooted with boot logging enabled.
Here is the result:

Service Pack 2 2 19 2005 09:52:07.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver a347bus.sys
Loaded driver ACPI.sys
Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver viaide.sys
Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver a347scsi.sys
Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS
Loaded driver disk.sys
Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver viaagp.sys
Loaded driver Mup.sys
Loaded driver \SystemRoot\System32\DRIVERS\processr.sys
Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys
Loaded driver \SystemRoot\system32\drivers\TBirdHD.sys
Loaded driver \SystemRoot\system32\DRIVERS\TBhdgame.sys
Loaded driver \SystemRoot\system32\DRIVERS\SMC1211.SYS
Loaded driver \SystemRoot\System32\DRIVERS\parport.sys
Loaded driver \SystemRoot\System32\DRIVERS\serial.sys
Loaded driver \SystemRoot\System32\DRIVERS\serenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys
Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\System32\DRIVERS\psched.sys
Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\update.sys
Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\System32\Drivers\gt680x.sys
Loaded driver \SystemRoot\System32\Drivers\MpFirewall.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\mdc8021x.sys
Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \??\C:\WINDOWS\system32\SVKP.sys
Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipfltdrv.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\DRIVERS\NaiFiltr.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys

I checked the event viewer and found that the applications tab showed only 'information', all blue !'s. Same with System. The Security tab, however, showed 1 lock symbol with the note 'Audit Failed'.
Here's the clip from that:

Event Type: Failure Audit
Event Source: Security
Event Category: Policy Change
Event ID: 615
Date: 2/19/2005
Time: 9:53:21 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer: GAMER-NGHUI03WC
Description: IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The link here is no good, says something about no page listed, check the address to make sure you typed it correctly and gives links to Microsoft security center. By the way, I did 'repair' my network connection just prior to this last boot. I'm ready to SCREAM! Well, hope this info helps you/me. Thanx again. Scott.

"Wesley Vogel" wrote:
Looks like you have SCUMWARE. Bargain Buddy.
http://castlecops.com/postp443854.html
Adware.P2PNetworking
http://labs.paretologic.com/spyware.....P2PNetworking
Bargain Buddy Removal Instructions
http://www.scanspyware.net/info/BargainBuddy.htm

--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User

In , Onemac hunted and pecked:
Ok, yea, lots of good info here, thanx. Here is the only error showing in the event viewer:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 2/18/2005
Time: 9:33:15 PM
User: N/A
Computer: GAMER-NGHUI03WC
Description: The ZESOFT service failed to start due to the following error: The system cannot find the file specified.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The link here was very general. I have no idea what ZESOFT is. Am going to look for it as soon as I'm done here. Thanx. Scott.

"Wesley Vogel" wrote:
No need for screen shots from the Event Viewer.
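An added example, not part of the thread: a first-pass triage of a boot log like the Ntbtlog.txt posted above. It separates drivers that never loaded from ones that loaded at least once, lists loaded drivers referenced by a path outside the system directory, and diffs loaded drivers against a known-good list. The sample lines are a constructed excerpt in the posted log's format, `BASELINE` is a hypothetical known-good list, and the path check is a triage heuristic, not a verdict.

```python
import re

# Constructed excerpt in Ntbtlog.txt format (entry shapes follow the log posted in the thread).
SAMPLE_NTBTLOG = r"""Service Pack 2 2 19 2005 09:52:07.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver ACPI.sys
Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Loaded driver \??\C:\WINDOWS\system32\SVKP.sys
Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
"""

# Hypothetical known-good list: driver file names recorded from a clean boot
# of the same machine (an assumption of this example, not data from the thread).
BASELINE = {"ntoskrnl.exe", "acpi.sys", "tcpip.sys", "ipnat.sys",
            "ndproxy.sys", "kmixer.sys"}

ENTRY_RE = re.compile(r"^(Loaded driver|Did not load driver)\s+(\S.*)$")
SYSTEM_PREFIXES = ("\\windows\\system32\\", "\\systemroot\\system32\\")


def read_log(path):
    """Read a boot log from disk, decoding UTF-16 when a BOM is present."""
    with open(path, "rb") as handle:
        raw = handle.read()
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("latin-1")


def parse_ntbtlog(text):
    """Return (status, path) tuples; the header line and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            status = "loaded" if match.group(1) == "Loaded driver" else "not_loaded"
            entries.append((status, match.group(2)))
    return entries


def file_name(path):
    """Lower-cased file name, so DRIVERS\\X.SYS and drivers\\x.sys compare equal."""
    return path.rsplit("\\", 1)[-1].lower()


def location(path):
    """Classify how the entry names the driver: bare name, system dir, or other."""
    lowered = path.lower()
    if "\\" not in lowered:
        return "bare"      # boot-start drivers are listed by file name only
    if lowered.startswith(SYSTEM_PREFIXES):
        return "system"
    return "other"         # e.g. an absolute \??\C:\... path


def triage(entries, baseline):
    """Summarise the entries worth a closer look."""
    loaded, not_loaded, odd_paths = set(), set(), []
    for status, path in entries:
        name = file_name(path)
        (loaded if status == "loaded" else not_loaded).add(name)
        if status == "loaded" and location(path) == "other" and path not in odd_paths:
            odd_paths.append(path)
    known = {name.lower() for name in baseline}
    return {
        # Loaded drivers referenced outside the usual system-relative form.
        "nonstandard_path": odd_paths,
        # Reported only as "Did not load"; a driver that also has a
        # "Loaded driver" line did start at some point during boot.
        "never_loaded": sorted(not_loaded - loaded),
        # Loaded drivers that the known-good list does not contain.
        "not_in_baseline": sorted(loaded - known),
    }


if __name__ == "__main__":
    for key, values in triage(parse_ntbtlog(SAMPLE_NTBTLOG), BASELINE).items():
        print(key, values)
```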
#10
Error: loader couldn't initialize service.
Scott,
If you're not on a network you do not need the IPSEC Services service running. I have XP Pro and I have this disabled.

Open Services...
Start | Run | Type: services.msc | OK |
Scroll down to and double click: IPSEC Services |
If it's running, click the Stop button |
When it's stopped | Under Startup type set to Disabled |
Apply button | OK | Close Services

After IPSEC Services is disabled your Failure Audit should go away.

This the key you were trying to modify?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User

In , Onemac hunted and pecked:
Wes,
I followed the instructions from Salado. Zesoft (zeta.exe), which had been in Services previously, was gone. Evidently XoftSpy was able to remove it. I had tried earlier and was unsuccessful. I had, however, disabled it previously with no satisfaction. I continued with all steps, downloaded Hijackthis, and found only 3 instances of anything. All are gone now! Still am getting the same error. I thought of repairing windows from the recovery console but windows won't let me in. Sez the version I'm running is newer than the version on disk. Duh!, it's been updated!
As for the failed audit. Well, seems that this thread refers to a server (2000, NT, WP Pro), sez nothing about WP Home. I did try to modify the registry as per Microsoft with NO SATISFACTION! What am I gonna do?
Thanx again, I know this is all Gratis and I appreciate it. Scott.

"Wesley Vogel" wrote:
Scott,
Scroll down to Salado's reply here...
#11
Error: loader couldn't initialize service.
Yes, that is the key and no, it didn't help. However, SUCCESS AT LAST! I opened task manager and searched each process in order to verify it. I searched for one, antivirus.exe, and found there was no folder associated with it. Well, since McAfee was working correctly, I googled it and came upon a web site that offered a little program called 'Anti-Spy.Info'. What luck, this program does exactly what I was doing manually and much more. I downloaded the trial version http://anti-spy.info/, and voila, this antispyware.exe that was stuck in Processes is what was causing the error message! I was also able to check and confidently remove a process that I've been wondering about for some time (PRISM\Apply). All is running fine now thanx to you and a little luck. I will disable IPSEC Services just becuz.

I do have one more question though. Last night I was trying to make a boot floppy and could not find Boot.ini in the root directory. I did find a backup copy at %system%pss. Had a heck of a time making it work (think because it had 'backup' attached to the file name). My final solution was to copy it then rename it simply 'boot'. Now it works fine. Won't work at all if the file name is 'boot.ini'. What's up with that?
Well, Thanx again and happy surfing! Scott.

"Wesley Vogel" wrote:
Scott,
If you're not on a network you do not need the IPSEC Services service running. I have XP Pro and I have this disabled.

Open Services...
Start | Run | Type: services.msc | OK |
Scroll down to and double click: IPSEC Services |
If it's running, click the Stop button |
When it's stopped | Under Startup type set to Disabled |
Apply button | OK | Close Services

After IPSEC Services is disabled your Failure Audit should go away.

This the key you were trying to modify?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User

In , Onemac hunted and pecked:
Wes,
I followed the instructions from Salado. Zesoft (zeta.exe), which had been in Services previously, was gone. Evidently XoftSpy was able to remove it. I had tried earlier and was unsuccessful. I had, however, disabled it previously with no satisfaction. I continued with all steps, downloaded Hijackthis, and found only 3 instances of anything. All are gone now! Still am getting the same error. I thought of repairing windows from the recovery console but windows won't let me in. Sez the version I'm running is newer than the version on disk. Duh!, it's been updated!
As for the failed audit. Well, seems that this thread refers to a server (2000, NT, WP Pro), sez nothing about WP Home. I did try to modify the registry as per Microsoft with NO SATISFACTION! What am I gonna do?
Thanx again, I know this is all Gratis and I appreciate it. Scott.

"Wesley Vogel" wrote:
Scott,
Scroll down to Salado's reply here...
http://castlecops.com/postp443854.html

4) HijackThis
http://www.spywareinfo.com/~merijn/downloads.html
4a) HijackThis (direct download)
http://aumha.org/downloads/hijackthis.zip
HijackThis log tutorial
http://www.spywareinfo.com/~merijn/htlogtutorial.html
HijackThis Log Tutorial
http://www.aumha.org/a/hjttutor.htm
How to use HijackThis to remove Browser Hijackers & Spyware
http://www.bleepingcomputer.com/foru...ial=42#warning

===
ID: 615
Source: Security
http://tinyurl.com/5sam2
Event ID: 615
http://www.eventid.net/display.asp?e...ri ty&phase=1

--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User

In , Onemac hunted and pecked:
Wesley,
I ran Microsoft AntiSpyware and found 6 instances of spy/adware including BargainBuddy and Comet. Still got the same error! I then ran the on-line XoftSpy and it found some 123 more instances of the same plus some so I bought the software and ran it with all the updates and found 253 entries of spy/adware! Spanked Microsoft AntiSpyware!!! Still, have same error. I deleted the current bootlog and cleared all event viewer entries then rebooted with boot logging enabled.
Here is the result:

Service Pack 2 2 19 2005 09:52:07.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver a347bus.sys
Loaded driver ACPI.sys
Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver viaide.sys
Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver a347scsi.sys
Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS
Loaded driver disk.sys
Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver viaagp.sys
Loaded driver Mup.sys
Loaded driver \SystemRoot\System32\DRIVERS\processr.sys
Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys
Loaded driver \SystemRoot\system32\drivers\TBirdHD.sys
Loaded driver \SystemRoot\system32\DRIVERS\TBhdgame.sys
Loaded driver \SystemRoot\system32\DRIVERS\SMC1211.SYS
Loaded driver \SystemRoot\System32\DRIVERS\parport.sys
Loaded driver \SystemRoot\System32\DRIVERS\serial.sys
Loaded driver \SystemRoot\System32\DRIVERS\serenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys
Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\System32\DRIVERS\psched.sys
Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\update.sys
Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\System32\Drivers\gt680x.sys
Loaded driver \SystemRoot\System32\Drivers\MpFirewall.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\mdc8021x.sys
Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \??\C:\WINDOWS\system32\SVKP.sys
Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipfltdrv.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\DRIVERS\NaiFiltr.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys

I checked the event viewer and found that the applications tab showed only 'information', all blue !'s. Same with System. The Security tab, however, showed 1 lock symbol with the note 'Audit Failed'.
Here's the clip from that:

Event Type: Failure Audit
Event Source: Security
Event Category: Policy Change
Event ID: 615
Date: 2/19/2005
Time: 9:53:21 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer: GAMER-NGHUI03WC
Description:
IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The link here is no good, says something about no page listed, check the address to make sure you typed it correctly and gives links to Microsoft security center. By the way, I did 'repair' my network connection just prior to this last boot. I'm ready to SCREAM!

Well, hope this info helps you/me. Thanx again.
Scott.

"Wesley Vogel" wrote:

Looks like you have SCUMWARE. Bargain Buddy.
http://castlecops.com/postp443854.html

Adware.P2PNetworking
http://labs.paretologic.com/spyware.....P2PNetworking

Bargain Buddy Removal Instructions
http://www.scanspyware.net/info/BargainBuddy.htm

--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User

In , Onemac hunted and pecked:

Ok, yea, lots of good info here, thanx. Here is the only error showing in the event viewer:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 2/18/2005
Time: 9:33:15 PM
User: N/A
Computer: GAMER-NGHUI03WC
Description:
The ZESOFT service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The link here was very general. I have no idea what ZESOFT is. Am going to look for it as soon as I'm done here. Thanx.
Scott.

"Wesley Vogel" wrote:

No need for screen shots from the Event Viewer.
Click the Copy button and paste into Notepad or a message.... Event ID & the Event Source are very important.

To open the Event Viewer...
Start | Run | Type: eventvwr | OK

For any Events that seem related to the problem...
Double click the event in Event Viewer |
Click: the button below the second arrow (looks like two pages) [[Copies the details of the event to the Clipboard.]] |
Paste into Notepad |
Click: For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Read all info |
Copy and paste to Notepad |
Click the [+] Related Knowledge Base articles |
Follow any links that might be useful

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/default...b;en-us;308427

-----

The bootlog is called Ntbtlog.txt.
Located here
%systemroot%\Ntbtlog.txt
or
C:\WINDOWS\Ntbtlog.txt

To open Ntbtlog.txt...
Start | Run | Paste this in the box: %systemroot%\Ntbtlog.txt
Click OK.

-----

You don't really need to access Dr. Watson...

Dr. Watson also records an entry in the Event Viewer Application Log containing the program name, date, time, exception number, exception name, program counter, and function name at the current program counter, as well as the complete diagnostic information that was logged for that error.

-----

You can chase your tail for a long time with Dr. Watson.

Dr. Watson overview
http://www.microsoft.com/resources/d..._overview.mspx

Setting up Dr. Watson
http://www.microsoft.com/resources/d...son_setup.mspx

Working with Dr. Watson
http://www.microsoft.com/resources/d...n_options.mspx

Using Dr. Watson
http://www.microsoft.com/resources/d...dr_watson.mspx

Using the Dr. Watson log file
http://www.microsoft.com/resources/d...n_logfile.mspx

How to Install Symbols for Dr. Watson Error Debugging
http://support.microsoft.com/default...b;en-us;141465

HOWTO: Use Rebase to Extract Symbols for DrWtSn32.exe
http://support.microsoft.com/default...b;en-us;258205

As near as I can tell, Dr Watson is virtually worthless without the symbols.

Download Windows Symbol Packages
http://www.microsoft.com/whdc/ddk/de...bol%20packages

Dr. Watson Fails to Appear Because of Long File Names in Path
http://support.microsoft.com/kb/q175644/

Dr. Watson Does Not Run with Certain Extensible Counters
http://support.microsoft.com/kb/q234860/

Dr. Watson Causing Fault in USER32
http://support.microsoft.com/kb/q175875/

Random Dr. Watson Errors in Services.exe
http://support.microsoft.com/kb/q219602/

Error 87 and Dr. Watson
http://support.microsoft.com/kb/q162623/

Interpreting DrWtsn32.log File to Identify Program Crash Data
http://support.microsoft.com/kb/q246084/

Dr. Watson Log File May Not Contain Task List
http://support.microsoft.com/default...b;en-us;214791

Specifying the Debugger for Unhandled User Mode Exceptions
http://support.microsoft.com/kb/q121434/

--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User

In , Onemac hunted and pecked:

XP Home sp2 Build2600.

At startup I get this error message: Error: loader couldn't initial service. Dr Watson is not logging anything and there is no entry in Event Viewer. System appears stable, haven't found any non-responsive programs (yet). I have screen shots saved of the Event Viewer but not sure if I can even post them here. Can I? I enabled boot logging but was unable to locate the log file. Think that would help?

Also, in Windows help, Dr watson is said to need certain tools from the XP Home CD. These are supposed to be in: Support\Debug\i386. Well, the disk does not have that address. I see them at: Support\Tools and the read me says to load this as a program. I'm confused about this. Please help. Thanx.
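An added example, not part of any post in this thread: a short Python triage of a boot log in the Ntbtlog.txt format quoted above, run on a shortened sample of lines copied from that log. The grouping rules, the function names and the assumption that %systemroot% is C:\WINDOWS are this example's own; a flagged entry is a reason to look at the file, not a verdict.

```python
import re
from collections import Counter

# Lines copied from the boot log quoted in this thread, shortened to a sample.
SAMPLE = r"""Service Pack 2 2 19 2005 09:52:07.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver ACPI.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \??\C:\WINDOWS\system32\SVKP.sys
Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
"""

# One entry per "Loaded driver" / "Did not load driver" marker. The lookahead
# ends a path at the next marker or at end of line, so the same pattern works
# on the file itself and on a log pasted into a post as one run of text.
ENTRY = re.compile(
    r"(Did not load driver|Loaded driver)\s+(.+?)"
    r"(?=\s+(?:Did not load driver|Loaded driver)\s|\s*$)",
    re.MULTILINE,
)

# Kernel, HAL and boot helpers that load from system32 itself.
CORE_BOOT_FILES = {
    r"\windows\system32\ntoskrnl.exe",
    r"\windows\system32\hal.dll",
    r"\windows\system32\kdcom.dll",
    r"\windows\system32\bootvid.dll",
}
DRIVER_DIR = "\\windows\\system32\\drivers\\"


def read_bootlog(path):
    """Return the log as text: decode by BOM if present, else as single-byte text."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("latin-1")


def normalize(path, system_root=r"\windows"):
    """Lower-case a logged path and fold \\SystemRoot\\ and \\??\\C: prefixes together.

    system_root is an assumption of this example (C:\\WINDOWS, as in the thread).
    """
    p = path.strip().lower()
    p = re.sub(r"^\\\?\?\\[a-z]:", "", p)  # \??\C:\WINDOWS\... -> \windows\...
    if p.startswith("\\systemroot\\"):
        p = system_root + p[len("\\systemroot"):]
    return p


def triage(text):
    """Group boot-log entries into the sets worth a second look."""
    loaded, failed = Counter(), Counter()
    for status, raw in ENTRY.findall(text):
        (loaded if status == "Loaded driver" else failed)[normalize(raw)] += 1
    return {
        # Listed only as "Did not load"; often just hardware that is absent.
        "never_loaded": sorted(set(failed) - set(loaded)),
        # Logged as loaded and also as not loaded during the same boot.
        "loaded_and_failed": sorted(set(failed) & set(loaded)),
        # Full path given, but outside system32\drivers and not a core boot file.
        "outside_driver_dir": sorted(
            p for p in loaded
            if "\\" in p and not p.startswith(DRIVER_DIR) and p not in CORE_BOOT_FILES
        ),
        "loaded_more_than_once": sorted(p for p, n in loaded.items() if n > 1),
    }


if __name__ == "__main__":
    for group, paths in triage(SAMPLE).items():
        print(group)
        for p in paths:
            print("   ", p)
```

To run it against a real log, pass `read_bootlog(r"C:\WINDOWS\Ntbtlog.txt")` to `triage` and then check each flagged file's properties and vendor by hand.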
#12
Error: loader couldn't initialize service.
Scott,
antivirus.exe is a WORM!

Your machine won't boot without the boot.ini file.

If you have Hide extensions for known file types turned on, boot.ini will show as just boot.

Open Folder Options...
Start | Run | Type: control folders | OK |
View tab |
UNCheck: Hide extensions for known file types | Apply | OK

Microsoft's explanation...
Hide extensions for known file types
[[Hides the last part of a file name, reducing clutter in folder windows.]]

What is or where is %system%pss? Never mind.
C:\WINDOWS\pss or %systemroot%\pss

--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
#13
Error: loader couldn't initialize service.
Ok, a worm huh? Wonder why only part of it got removed. No bother. It's gone
now! About that boot file, I'm pretty sure that c:\windows does not contain a boot.ini! That pss file (C:\windows\pss) contains 3 files; Boot.ini.backup, Win.ini.backup and System.ini.backup. I assume that windows is looking here in order to boot. I searched the entire drive with hidden folders included and Boot.ini.backup was the only return! I don't know! Should there be an .ini file in C:\windows? Scott. "Wesley Vogel" wrote: Scott, antivirus.exe is a WORM! Your machine won't boot without the boot.ini file. If you have Hide extensions for known file types turned on, boot.ini will show as just boot. Open Folder Options... Start | Run | Type: control folders | OK | View tab | UNCheck: Hide extensions for known file types | Apply | OK Microsoft's explanation... Hide extensions for known file types [[Hides the last part of a file name, reducing clutter in folder windows.]] What is or where is %system%pss? Never mind. C:\WINDOWS\pss or %systemroot%\pss -- Hope this helps. Let us know. Wes MS-MVP Windows Shell/User In , Onemac hunted and pecked: Yes, that is the key and no, it didn't help. However, SUCCESS AT LAST! I opened task manager and searched each process in order to verify it. I searched for one, antivirus.exe, and found there was no folder associated with it. Well, since McAfee was working correctly, I googled it and came upon a web site tthat offered a little program called 'Anti-Spy.Info'. What luck, this program does exactly what I was doing manually and much more. I downloaded the trial version http://anti-spy.info/, and voila, this antispyware.exe that was stuck in Processes is what was causing the error message! I was also able to check and confidently remove a process that I've been wondering about for some time (PRISM\Apply). All is running fine now thanx to you and a little luck. Iwill disable IPSEC Services just becuz. I do have one more question though. Last night I was trying to make a boot floppy and could not find Boot.ini in the root directory. 
I did find a backup copy at %system%pss. Had a heck of a time making it work (think because it had 'backup' attached to the file name. My final solution was to copy it then rename it simply 'boot'. Now it works fine. Won't work at all if the file name is 'boot.ini'. What's up with that? Well, Thanx again and happy surfing! Scott. "Wesley Vogel" wrote: Scott, If you're not on a network you do not need the IPSEC Services service running. I have XP Pro and I have this disabled. Open Services... Start | Run | Type: services.msc | OK | Scroll down to and double click: IPSEC Services | If it's running, click the Stop button | When it's stopped | Under Startup type set to Disabled | Apply button | OK | Close Services After IPSEC Services is disabled your Failure Audit should go away. This the key you were trying to modify? HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\LanmanServer\Parameters -- Hope this helps. Let us know. Wes MS-MVP Windows Shell/User In , Onemac hunted and pecked: Wes, I followed the instructions from Salado. Zesoft (zeta.exe), which had been in Services previously, was gone. Evidently XoftSpy was able to remove it. I had tried earlier and was unsuccessful. I had, however, disabled it previously with no satifaction. I continued with all steps, downloaded Hijackthis, and found only 3 instances of anything. All are gone now! Still am getting the same error. I thought of repairing windows from the recovery console but wi ndows won't let me in. Sez the version I'm running is newer than the version on disk. Duh!, it's been updated! As for the failed audit. Well, seems that this thraed refers to a server (2000, NT, WP Pro), sez nothing about WP Home. I did try to modify the registry as per Microsoft with NO SATISFACTION! What am I gonna do? Thanx again, I know this is all Gratis and I appreciate it.Scott. "Wesley Vogel" wrote: Scott, Scroll down to Salado's reply here... 
http://castlecops.com/postp443854.html 4) HijackThis http://www.spywareinfo.com/~merijn/downloads.html 4a) HijackThis (direct download) http://aumha.org/downloads/hijackthis.zip HijackThis log tutorial http://www.spywareinfo.com/~merijn/htlogtutorial.html HijackThis Log Tutorial http://www.aumha.org/a/hjttutor.htm How to use HijackThis to remove Browser Hijackers & Spyware http://www.bleepingcomputer.com/foru...ial=42#warning === ID: 615 Source: Security http://tinyurl.com/5sam2 Event ID: 615 http://www.eventid.net/display.asp?e...ri ty&phase=1 -- Hope this helps. Let us know. Wes MS-MVP Windows Shell/User In , Onemac hunted and pecked: Wesley, I ran Microsoft AntiSpyware and found 6 instances of spy/adware including BargainBuddy and Comet. Still got the same error! I then ran the on-line XoftSpy and it found some 123 more instances of the same plus some so I bought the software and ran it with all the updates and found 253 entries of spy/adware! Spanked Microsoft AntiSpyware!!! Still, have same error I deleted the current bootlog and cleared all event weiwer entries then rebooted with boot logging enabled. 
Here is the result:

I checked the event viewer and found that the applications tab showed only 'information', all blue !'s. Same with System. The Security tab, however, showed 1 lock symbol with the note 'Audit Failed'.
Here's the clip from that:

Event Type: Failure Audit
Event Source: Security
Event Category: Policy Change
Event ID: 615
Date: 2/19/2005
Time: 9:53:21 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer: GAMER-NGHUI03WC
Description: IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The link here is no good, says something about no page listed, check the address to make sure you typed it correctly and gives links to Microsoft security center. By the way, I did 'repair' my network connection just prior to this last boot. I'm ready to SCREAM! Well, hope this info helps you/me. Thanx again. Scott.

"Wesley Vogel" wrote:

Looks like you have SCUMWARE.

Bargain Buddy.
http://castlecops.com/postp443854.html

Adware.P2PNetworking
http://labs.paretologic.com/spyware.....P2PNetworking

Bargain Buddy Removal Instructions
http://www.scanspyware.net/info/BargainBuddy.htm

--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User

In , Onemac hunted and pecked:

Ok, yea, lots of good info here, thanx. Here is the only error showing in the event viewer:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 2/18/2005
Time: 9:33:15 PM
User: N/A
Computer: GAMER-NGHUI03WC
Description: The ZESOFT service failed to start due to the following error: The system cannot find the file specified.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The link here was very general. I have no idea what ZESOFT is. Am going to look for it as soon as I'm done here. Thanx. Scott.

"Wesley Vogel" wrote:

No need for screen shots from the Event Viewer.
Click the Copy button and paste into Notepad or a message.... Event ID & the Event Source are very important.

To open the Event Viewer...
Start | Run | Type: eventvwr | OK

For any Events that seem related to the problem...
Double click the event in Event Viewer | Click: the button below the second arrow (looks like two pages) [[Copies the details of the event to the Clipboard.]] | Paste into Notepad | Click: For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Read all info | Copy and paste to Notepad | Click the [+] Related Knowledge Base articles | Follow any links that might be useful

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/default...b;en-us;308427

-----
The bootlog is called Ntbtlog.txt. Located here
%systemroot%\Ntbtlog.txt or C:\WINDOWS\Ntbtlog.txt

To open Ntbtlog.txt...
Start | Run | Paste this in the box: %systemroot%\Ntbtlog.txt
Click OK.

-----
You don't really need to access Dr. Watson...
Dr. Watson also records an entry in the Event Viewer Application Log containing the program name, date, time, exception number, exception name, program counter, and function name at the current program counter, as well as the complete diagnostic information that was logged for that error.

-----
You can chase your tail for a long time with Dr. Watson.

Dr. Watson overview
http://www.microsoft.com/resources/d..._overview.mspx

Setting up Dr. Watson
http://www.microsoft.com/resources/d...son_setup.mspx

Working with Dr. Watson
http://www.microsoft.com/resources/d...n_options.mspx

Using Dr. Watson
http://www.microsoft.com/resources/d...dr_watson.mspx

Using the Dr. Watson log file
http://www.microsoft.com/resources/d...n_logfile.mspx

How to Install Symbols for Dr. Watson Error Debugging
http://support.microsoft.com/default...b;en-us;141465

HOWTO: Use Rebase to Extract Symbols for DrWtSn32.exe
http://support.microsoft.com/default...b;en-us;258205

As near as I can tell, Dr Watson is virtually worthless without the symbols.

Download Windows Symbol Packages
http://www.microsoft.com/whdc/ddk/de...bol%20packages

Dr. Watson Fails to Appear Because of Long File Names in Path
http://support.microsoft.com/kb/q175644/

Dr. Watson Does Not Run with Certain Extensible Counters
http://support.microsoft.com/kb/q234860/

Dr. Watson Causing Fault in USER32
http://support.microsoft.com/kb/q175875/

Random Dr. Watson Errors in Services.exe
http://support.microsoft.com/kb/q219602/

Error 87 and Dr. Watson
http://support.microsoft.com/kb/q162623/

Interpreting DrWtsn32.log File to Identify Program Crash Data
http://support.microsoft.com/kb/q246084/

Dr. Watson Log File May Not Contain Task List
http://support.microsoft.com/default...b;en-us;214791

Specifying the Debugger for Unhandled User Mode Exceptions
http://support.microsoft.com/kb/q121434/

--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User

In , Onemac hunted and pecked:

XP Home sp2 Build2600. At startup I get this error message: Error: loader couldn't initial service. Dr Watson is not logging anything and there is no entry in Event Viewer. System appears stable, haven't found any non-responsive programs (yet). I have screen shots saved of the Event Viewer but not sure if I can even post them here. Can I? I enabled boot logging but was unable to locate the log file. Think that would help? Also, in Windows help, Dr watson is said to need certain tools from the XP Home CD. These are supposed to be in: Support\Debug\i386. Well, the disk does not have that address. I see them at: Support\Tools and the read me says to load this as a program. I'm confused about this. Please help. Thanx.
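Added example, not part of the original thread: a Python parser for the text that Event Viewer's Copy button produces, keyed on Event Source and Event ID as the advice quoted above recommends. The sample reuses the two event clips from the thread with the computer name replaced by a placeholder; the triage tags and notes are this example's own assumptions, not Microsoft guidance.

```python
import re

# Field labels in the order Event Viewer's Copy button writes them,
# as seen in the event clips pasted in the thread.
FIELDS = ["Event Type", "Event Source", "Event Category", "Event ID",
          "Date", "Time", "User", "Computer", "Description"]

# Standard trailer that ends a copied event description.
TRAILER = "For more information, see Help and Support Center"


def parse_events(text):
    """Return one dict per event record found in pasted Event Viewer text.

    Works on the normal one-field-per-line paste and on text that a forum
    or mail client has flattened onto a single line.
    """
    text = " ".join(text.split())
    events = []
    for chunk in re.split(r"(?=Event Type:)", text):
        if not chunk.startswith("Event Type:"):
            continue  # prose before the first record
        # Locate each label in order, so a colon inside a value
        # (a time, a path, the description) is never taken for a label.
        spans, pos = [], 0
        for label in FIELDS:
            idx = chunk.find(label + ":", pos)
            if idx < 0:
                break
            pos = idx + len(label) + 1
            spans.append((label, idx, pos))
        event = {}
        for i, (label, _, value_start) in enumerate(spans):
            value_end = spans[i + 1][1] if i + 1 < len(spans) else len(chunk)
            event[label] = chunk[value_start:value_end].strip()
        # Drop the trailer and any forum prose that followed the record.
        desc = event.get("Description", "")
        event["Description"] = desc.split(TRAILER)[0].strip()
        events.append(event)
    return events


def triage(event):
    """Return (tag, note) for the two event kinds seen in the thread."""
    key = (event.get("Event Source"), event.get("Event ID"))
    desc = event["Description"]
    if key == ("Service Control Manager", "7000"):
        m = re.match(r"The (.+?) service failed to start due to the "
                     r"following error: (.+)", desc)
        if m and "cannot find the file specified" in m.group(2):
            # Assumption of this example: the service entry outlived its file.
            return ("orphaned-service",
                    f"{m.group(1)}: service is still registered but its "
                    "program file is gone; find out what installed it")
        return ("service-start-failure", desc)
    if key == ("Security", "615"):
        return ("ipsec-audit", "IPSec Services reported a problem; "
                "check the IPSEC Services service in services.msc")
    return ("unclassified", desc)


def report(text):
    """Parse pasted text and return (source, event_id, tag, note) tuples."""
    return [(e.get("Event Source"), e.get("Event ID"), *triage(e))
            for e in parse_events(text)]


# Sample input: the two clips from the thread, flattened to one line the way
# the forum shows them. HOST-PLACEHOLDER stands in for the computer name.
SAMPLE = (
    "Here is the only error showing: "
    "Event Type: Error Event Source: Service Control Manager "
    "Event Category: None Event ID: 7000 Date: 2/18/2005 Time: 9:33:15 PM "
    "User: N/A Computer: HOST-PLACEHOLDER Description: The ZESOFT service "
    "failed to start due to the following error: The system cannot find the "
    "file specified. For more information, see Help and Support Center at "
    "http://go.microsoft.com/fwlink/events.asp. The link here was very general. "
    "Event Type: Failure Audit Event Source: Security "
    "Event Category: Policy Change Event ID: 615 Date: 2/19/2005 "
    "Time: 9:53:21 AM User: NT AUTHORITY\\NETWORK SERVICE "
    "Computer: HOST-PLACEHOLDER Description: IPSec Services: IPSec Services "
    "failed to get the complete list of network interfaces on the machine."
)

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```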
#14
Error: loader couldn't initialize service.
Scott,
Boot.ini should be in C:\

Start | Run | Type: C:\boot.ini

--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User

In news Onemac hunted and pecked:

Ok, a worm huh? Wonder why only part of it got removed. No bother. It's gone now! About that boot file, I'm pretty sure that c:\windows does not contain a boot.ini! That pss file (C:\windows\pss) contains 3 files; Boot.ini.backup, Win.ini.backup and System.ini.backup. I assume that windows is looking here in order to boot. I searched the entire drive with hidden folders included and Boot.ini.backup was the only return! I don't know! Should there be an .ini file in C:\windows? Scott.

"Wesley Vogel" wrote:

Scott,

antivirus.exe is a WORM!

Your machine won't boot without the boot.ini file.

If you have Hide extensions for known file types turned on, boot.ini will show as just boot.

Open Folder Options...
Start | Run | Type: control folders | OK | View tab | UNCheck: Hide extensions for known file types | Apply | OK

Microsoft's explanation...
Hide extensions for known file types
[[Hides the last part of a file name, reducing clutter in folder windows.]]

What is or where is %system%pss? Never mind. C:\WINDOWS\pss or %systemroot%\pss

--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User

In , Onemac hunted and pecked:

Yes, that is the key and no, it didn't help. However, SUCCESS AT LAST! I opened task manager and searched each process in order to verify it. I searched for one, antivirus.exe, and found there was no folder associated with it. Well, since McAfee was working correctly, I googled it and came upon a web site that offered a little program called 'Anti-Spy.Info'. What luck, this program does exactly what I was doing manually and much more. I downloaded the trial version http://anti-spy.info/, and voila, this antispyware.exe that was stuck in Processes is what was causing the error message! I was also able to check and confidently remove a process that I've been wondering about for some time (PRISM\Apply). All is running fine now thanx to you and a little luck. I will disable IPSEC Services just becuz. I do have one more question though. Last night I was trying to make a boot floppy and could not find Boot.ini in the root directory. I did find a backup copy at %system%pss. Had a heck of a time making it work (think because it had 'backup' attached to the file name). My final solution was to copy it then rename it simply 'boot'. Now it works fine. Won't work at all if the file name is 'boot.ini'. What's up with that? Well, Thanx again and happy surfing! Scott.
#15
Error: loader couldn't initialize service.
Yup, that brings up the file. I just don't understand why I can't physically
see it! Guess it's rather moot. I just know that all is well and life is good! Thanx. Scott. "Wesley Vogel" wrote: Scott, Boot.ini should be in C:\ Start | Run | Type: C:\boot.ini -- Hope this helps. Let us know. Wes MS-MVP Windows Shell/User In news Onemac hunted and pecked: Ok, a worm huh? Wonder why only part of it got removed. No bother. it's gone now! About that boot file, I'm pretty sure that c:\windows does not contain a boot.ini! That pss file (C:\windows\pss) contains 3 files; Boot.ini.backup, Win.ini.backup and System.ini.backup. I assume that windows is looking here in order to boot. I searched the entire drive with hidden folders included and Boot.ini.backup was the only return! I don't know! Should there be an .ini file in C:\windows? Scott. "Wesley Vogel" wrote: Scott, antivirus.exe is a WORM! Your machine won't boot without the boot.ini file. If you have Hide extensions for known file types turned on, boot.ini will show as just boot. Open Folder Options... Start | Run | Type: control folders | OK | View tab | UNCheck: Â Hide extensions for known file types | Apply | OK Microsoft's explanation... Hide extensions for known file types [[Hides the last part of a file name, reducing clutter in folder windows.]] What is or where is %system%pss? Never mind. C:\WINDOWS\pss or %systemroot%\pss -- Hope this helps. Let us know. Wes MS-MVP Windows Shell/User In , Onemac hunted and pecked: Yes, that is the key and no, it didn't help. However, SUCCESS AT LAST! I opened task manager and searched each process in order to verify it. I searched for one, antivirus.exe, and found there was no folder associated with it. Well, since McAfee was working correctly, I googled it and came upon a web site tthat offered a little program called 'Anti-Spy.Info'. What luck, this program does exactly what I was doing manually and much more. 
I downloaded the trial version http://anti-spy.info/, and voila, this antispyware.exe that was stuck in Processes is what was causing the error message! I was also able to check and confidently remove a process that I've been wondering about for some time (PRISM\Apply). All is running fine now thanx to you and a little luck. Iwill disable IPSEC Services just becuz. I do have one more question though. Last night I was trying to make a boot floppy and could not find Boot.ini in the root directory. I did find a backup copy at %system%pss. Had a heck of a time making it work (think because it had 'backup' attached to the file name. My final solution was to copy it then rename it simply 'boot'. Now it works fine. Won't work at all if the file name is 'boot.ini'. What's up with that? Well, Thanx again and happy surfing! Scott. "Wesley Vogel" wrote: Scott, If you're not on a network you do not need the IPSEC Services service running. I have XP Pro and I have this disabled. Open Services... Start | Run | Type: services.msc | OK | Scroll down to and double click: IPSEC Services | If it's running, click the Stop button | When it's stopped | Under Startup type set to Disabled | Apply button | OK | Close Services After IPSEC Services is disabled your Failure Audit should go away. This the key you were trying to modify? HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\LanmanServer\Parameters -- Hope this helps. Let us know. Wes MS-MVP Windows Shell/User In , Onemac hunted and pecked: Wes, I followed the instructions from Salado. Zesoft (zeta.exe), which had been in Services previously, was gone. Evidently XoftSpy was able to remove it. I had tried earlier and was unsuccessful. I had, however, disabled it previously with no satifaction. I continued with all steps, downloaded Hijackthis, and found only 3 instances of anything. All are gone now! Still am getting the same error. I thought of repairing windows from the recovery console but wi ndows won't let me in. 
Sez the version I'm running is newer than the version on disk. Duh!, it's been updated! As for the failed audit. Well, seems that this thread refers to a server (2000, NT, XP Pro), sez nothing about XP Home. I did try to modify the registry as per Microsoft with NO SATISFACTION! What am I gonna do? Thanx again, I know this is all Gratis and I appreciate it. Scott.

"Wesley Vogel" wrote:

Scott,

Scroll down to Salado's reply here...
http://castlecops.com/postp443854.html

4) HijackThis
http://www.spywareinfo.com/~merijn/downloads.html

4a) HijackThis (direct download)
http://aumha.org/downloads/hijackthis.zip

HijackThis log tutorial
http://www.spywareinfo.com/~merijn/htlogtutorial.html

HijackThis Log Tutorial
http://www.aumha.org/a/hjttutor.htm

How to use HijackThis to remove Browser Hijackers & Spyware
http://www.bleepingcomputer.com/foru...ial=42#warning

===

ID: 615
Source: Security
http://tinyurl.com/5sam2

Event ID: 615
http://www.eventid.net/display.asp?e...rity&phase=1

--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User

In , Onemac hunted and pecked:

Wesley, I ran Microsoft AntiSpyware and found 6 instances of spy/adware including BargainBuddy and Comet. Still got the same error! I then ran the on-line XoftSpy and it found some 123 more instances of the same plus some so I bought the software and ran it with all the updates and found 253 entries of spy/adware! Spanked Microsoft AntiSpyware!!! Still, have same error. I deleted the current bootlog and cleared all event viewer entries then rebooted with boot logging enabled.
Here is the result:

Service Pack 2 2 19 2005 09:52:07.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver a347bus.sys
Loaded driver ACPI.sys
Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver viaide.sys
Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver a347scsi.sys
Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS
Loaded driver disk.sys
Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver viaagp.sys
Loaded driver Mup.sys
Loaded driver \SystemRoot\System32\DRIVERS\processr.sys
Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys
Loaded driver \SystemRoot\system32\drivers\TBirdHD.sys
Loaded driver \SystemRoot\system32\DRIVERS\TBhdgame.sys
Loaded driver \SystemRoot\system32\DRIVERS\SMC1211.SYS
Loaded driver \SystemRoot\System32\DRIVERS\parport.sys
Loaded driver \SystemRoot\System32\DRIVERS\serial.sys
Loaded driver \SystemRoot\System32\DRIVERS\serenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys
Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\System32\DRIVERS\psched.sys
Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\update.sys
Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\System32\Drivers\gt680x.sys
Loaded driver \SystemRoot\System32\Drivers\MpFirewall.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\mdc8021x.sys
Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \??\C:\WINDOWS\system32\SVKP.sys
Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipfltdrv.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\DRIVERS\NaiFiltr.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys

I checked the event viewer and found that the applications tab showed only 'information', all blue !'s. Same with System. The Security tab, however, showed 1 lock symbol with the note 'Audit Failed'.
Here's the clip from that:

Event Type: Failure Audit
Event Source: Security
Event Category: Policy Change
Event ID: 615
Date: 2/19/2005
Time: 9:53:21 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer: GAMER-NGHUI03WC
Description:
IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The link here is no good, says something about no page listed, check the address to make sure you typed it correctly and gives links to Microsoft security center. By the way, I did 'repair' my network connection just prior to this last boot. I'm ready to SCREAM! Well, hope this info helps you/me. Thanx again. Scott.

"Wesley Vogel" wrote:

Looks like you have SCUMWARE. Bargain Buddy.
http://castlecops.com/postp443854.html

Adware.P2PNetworking
http://labs.paretologic.com/spyware.....P2PNetworking

Bargain Buddy Removal Instructions
http://www.scanspyware.net/info/BargainBuddy.htm

--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User

In , Onemac hunted and pecked:

Ok, yea, lots of good info here, thanx. Here is the only error showing in the event viewer:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 2/18/2005
Time: 9:33:15 PM
User: N/A
Computer: GAMER-NGHUI03WC
Description:
The ZESOFT service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The link here was very general. I have no idea what ZESOFT is. Am going to look for it as soon as I'm done here. Thanx. Scott.

"Wesley Vogel" wrote:

No need for screen shots from the Event Viewer.
Click the Copy button and paste into Notepad or a message.... Event ID & the Event Source are very important.

To open the Event Viewer...
Start | Run | Type: eventvwr | OK

For any Events that seem related to the problem...
Double click the event in Event Viewer | Click: the button below the second arrow (looks like two pages) [[Copies the details of the event to the Clipboard.]] | Paste into Notepad

Click: For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Read all info | Copy and paste to Notepad | Click the [+] Related Knowledge Base articles | Follow any links that might be useful

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/default...b;en-us;308427

-----

The bootlog is called Ntbtlog.txt. Located here
%systemroot%\Ntbtlog.txt or C:\WINDOWS\Ntbtlog.txt

To open Ntbtlog.txt...
Start | Run | Paste this in the box: %systemroot%\Ntbtlog.txt
Click OK.

-----

You don't really need to access Dr. Watson...

Dr. Watson also records an entry in the Event Viewer Application Log containing the program name, date, time, exception number, exception name, program counter, and function name at the current program counter, as well as the complete diagnostic information that was logged for that error.

-----

You can chase your tail for a long time with Dr. Watson.

Dr. Watson overview
http://www.microsoft.com/resources/d..._overview.mspx

Setting up Dr. Watson
http://www.microsoft.com/resources/d...son_setup.mspx

Working with Dr. Watson
http://www.microsoft.com/resources/d...n_options.mspx

Using Dr. Watson
http://www.microsoft.com/resources/d...dr_watson.mspx

Using the Dr. Watson log file
http://www.microsoft.com/resources/d...n_logfile.mspx

How to Install Symbols for Dr. Watson Error Debugging
http://support.microsoft.com/default...b;en-us;141465

HOWTO: Use Rebase to Extract Symbols for DrWtSn32.exe
http://support.microsoft.com/default...b;en-us;258205

As near as I can tell, Dr Watson is virtually worthless without the symbols.

Download Windows Symbol Packages
http://www.microsoft.com/whdc/ddk/de...bol%20packages

Dr. Watson Fails to Appear Because of Long File Names in Path
http://support.microsoft.com/kb/q175644/

Dr. Watson Does Not Run with Certain Extensible Counters
http://support.microsoft.com/kb/q234860/

Dr. Watson Causing Fault in USER32
http://support.microsoft.com/kb/q175875/

Random Dr. Watson Errors in Services.exe
http://support.microsoft.com/kb/q219602/

Error 87 and Dr. Watson
http://support.microsoft.com/kb/q162623/

Interpreting DrWtsn32.log File to Identify Program Crash Data
http://support.microsoft.com/kb/q246084/

Dr. Watson Log File May Not Contain Task List
http://support.microsoft.com/default...b;en-us;214791

Specifying the Debugger for Unhandled User Mode Exceptions
http://support.microsoft.com/kb/q121434/

--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User

In , Onemac hunted and pecked:

XP Home sp2 Build2600. At startup I get this error message: Error: loader couldn't initial service. Dr Watson is not logging anything and there is no entry in Event Viewer. System appears stable, haven't found any non-responsive programs (yet). I have screen shots saved of the Event Viewer but not sure if I can even post them here. Can I? I enabled boot logging but was unable to locate the log file. Think that would help? Also, in Windows help, Dr Watson is said to need certain tools from the XP Home CD. These are supposed to be in: Support\Debug\i386. Well, the disk does not have that address. I see them at: Support\Tools and the read me says to load this as a program. I'm confused about this. Please help. Thanx.
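
The boot log quoted in this thread records one "Loaded driver" or "Did not load driver" entry per driver. The Python below is an added example, not part of any post in the thread: it sorts such a log into groups worth a manual look. The function names, the list of "usual" directories and the sample (a few entries copied from the posted log) are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample: a few entries copied from the boot log posted in the
# thread, kept in the same "Loaded driver" / "Did not load driver" layout.
SAMPLE = r"""Service Pack 2 2 19 2005 09:52:07.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver ACPI.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Loaded driver \??\C:\WINDOWS\system32\SVKP.sys
Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
"""

ENTRY = re.compile(r"^(Loaded|Did not load) driver\s+(\S.*)$")
# Assumption: prefixes and boot images treated as ordinary, taken from the
# Windows-supplied entries in the posted log. Everything is compared lower-case.
USUAL_DIRS = ("\\systemroot\\system32\\drivers\\", "\\windows\\system32\\drivers\\")
BOOT_IMAGES = {"ntoskrnl.exe", "hal.dll", "kdcom.dll", "bootvid.dll"}


def parse_bootlog(text):
    """Return [(loaded: bool, path)] for each driver line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1) == "Loaded", m.group(2)))
    return entries


def triage(text):
    """Group boot-log entries into lists worth a manual look."""
    entries = parse_bootlog(text)
    loaded = Counter(p.lower() for ok, p in entries if ok)
    failed = Counter(p.lower() for ok, p in entries if not ok)
    unusual = []
    for ok, path in entries:
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        # Bare names (early boot drivers) carry no directory to judge.
        if (ok and "\\" in low and not low.startswith(USUAL_DIRS)
                and name not in BOOT_IMAGES and path not in unusual):
            unusual.append(path)
    return {
        "unusual_path": unusual,
        "never_loaded": sorted(p for p in failed if p not in loaded),
        "loaded_and_failed": sorted(p for p in failed if p in loaded),
        "loaded_repeatedly": sorted(p for p, n in loaded.items() if n > 1),
    }
```

Pass the text of %systemroot%\Ntbtlog.txt to triage(); the lists it returns are review candidates to check against the installed software, not verdicts.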