Scott,
antivirus.exe is a WORM!
Your machine won't boot without the boot.ini file.
If you have Hide extensions for known file types turned on, boot.ini
will show as just boot.
Open Folder Options...
Start | Run | Type: control folders | OK |
View tab | UNCheck:  Hide extensions for known file types |
Apply | OK
Microsoft's explanation...
Hide extensions for known file types
[[Hides the last part of a file name, reducing clutter in folder
windows.]]
What is or where is %system%pss? Never mind. C:\WINDOWS\pss or
%systemroot%\pss
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In Onemac <[email protected]> hunted and pecked:
Yes, that is the key and no, it didn't help. However, SUCCESS AT
LAST! I opened task manager and searched each process in order to
verify it. I searched for one, antivirus.exe, and found there was
no folder associated with it. Well, since McAfee was working
correctly, I googled it and came upon a web site that offered a
little program called 'Anti-Spy.Info'. What luck, this program does
exactly what I was doing manually and much more. I downloaded the
trial version
http://anti-spy.info/, and voila, this
antispyware.exe that was stuck in Processes is what was causing the
error message! I was also able to check and confidently remove a
process that I've been wondering about for some time (PRISM\Apply).
All is running fine now thanx to you and a little luck. I will
disable IPSEC Services just becuz.
I do have one more question though. Last night I was trying to make
a boot floppy and could not find Boot.ini in the root directory. I
did find a backup copy at %system%pss. Had a heck of a time making
it work (think because it had 'backup' attached to the file name). My
final solution was to copy it then rename it simply 'boot'. Now it
works fine. Won't work at all if the file name is 'boot.ini'. What's
up with that? Well, Thanx again and happy surfing! Scott.
:
Scott,
If you're not on a network you do not need the IPSEC Services
service running. I have XP Pro and I have this disabled.
Open Services...
Start | Run | Type: services.msc | OK |
Scroll down to and double click: IPSEC Services |
If it's running, click the Stop button | When it's stopped |
Under Startup type set to Disabled | Apply button | OK |
Close Services
After IPSEC Services is disabled your Failure Audit should go away.
This the key you were trying to modify?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In Onemac <[email protected]> hunted and pecked:
Wes, I followed the instructions from Salado. Zesoft (zeta.exe),
which had been in Services previously, was gone. Evidently XoftSpy
was able to remove it. I had tried earlier and was unsuccessful. I
had, however, disabled it previously with no satisfaction. I
continued with all steps, downloaded Hijackthis, and found only 3
instances of anything. All are gone now! Still am getting the same
error.
I thought of repairing windows from the recovery console but
windows won't let me in. Sez the version I'm running is newer than
the version on disk. Duh!, it's been updated!
As for the failed audit. Well, seems that this thread refers to a
server (2000, NT, WP Pro), sez nothing about WP Home. I did try to
modify the registry as per Microsoft with NO SATISFACTION!
What am I gonna do? Thanx again, I know this is all Gratis and I
appreciate it. Scott.
:
Scott,
Scroll down to Salado's reply here...
http://castlecops.com/postp443854.html
4) HijackThis
http://www.spywareinfo.com/~merijn/downloads.html
4a) HijackThis (direct download)
http://aumha.org/downloads/hijackthis.zip
HijackThis log tutorial
http://www.spywareinfo.com/~merijn/htlogtutorial.html
HijackThis Log Tutorial
http://www.aumha.org/a/hjttutor.htm
How to use HijackThis to remove Browser Hijackers & Spyware
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#warning
===
ID: 615
Source: Security
http://tinyurl.com/5sam2
Event ID: 615
http://www.eventid.net/display.asp?eventid=615&eventno=3595&source=Security&phase=1
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In Onemac <[email protected]> hunted and pecked:
Wesley, I ran Microsoft AntiSpyware and found 6 instances of
spy/adware including BargainBuddy and Comet. Still got the same
error! I then ran the on-line XoftSpy and it found some 123 more
instances of the same plus some so I bought the software and ran
it with all the updates and found 253 entries of spy/adware!
Spanked Microsoft AntiSpyware!!! Still, have same error.
I deleted the current bootlog and cleared all event viewer
entries then rebooted with boot logging enabled. Here is the
result:
Service Pack 2 2 19 2005 09:52:07.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver a347bus.sys
Loaded driver ACPI.sys
Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver viaide.sys
Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver a347scsi.sys
Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS
Loaded driver disk.sys
Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver viaagp.sys
Loaded driver Mup.sys
Loaded driver \SystemRoot\System32\DRIVERS\processr.sys
Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys
Loaded driver \SystemRoot\system32\drivers\TBirdHD.sys
Loaded driver \SystemRoot\system32\DRIVERS\TBhdgame.sys
Loaded driver \SystemRoot\system32\DRIVERS\SMC1211.SYS
Loaded driver \SystemRoot\System32\DRIVERS\parport.sys
Loaded driver \SystemRoot\System32\DRIVERS\serial.sys
Loaded driver \SystemRoot\System32\DRIVERS\serenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys
Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\System32\DRIVERS\psched.sys
Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\update.sys
Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\System32\Drivers\gt680x.sys
Loaded driver \SystemRoot\System32\Drivers\MpFirewall.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\mdc8021x.sys
Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \??\C:\WINDOWS\system32\SVKP.sys
Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipfltdrv.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\DRIVERS\NaiFiltr.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
I checked the event viewer and found that the applications tab
showed only 'information', all blue !'s. Same with System. The
Security tab, however, showed 1 lock symbol with the note 'Audit
Failed'. Here's the clip from that:
Event Type: Failure Audit
Event Source: Security
Event Category: Policy Change
Event ID: 615
Date: 2/19/2005
Time: 9:53:21 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer: GAMER-NGHUI03WC
Description:
IPSec Services: IPSec Services failed to get the complete list
of network interfaces on the machine. This can be a potential
security hazard to the machine since some of the network
interfaces may not get the protection as desired by the applied
IPSec filters. Please run IPSec monitor snap-in to further
diagnose the problem.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
The link here is no good, says something about no page listed,
check the address to make sure you typed it correctly and gives
links to Microsoft security center.
By the way, I did 'repair' my network connection just prior to
this last boot. I'm ready to SCREAM! Well, hope this info helps
you/me. Thanx again. Scott.
:
Looks like you have SCUMWARE. Bargain Buddy.
http://castlecops.com/postp443854.html
Adware.P2PNetworking
http://labs.paretologic.com/spyware.aspx?remove=Adware.P2PNetworking
Bargain Buddy Removal Instructions
http://www.scanspyware.net/info/BargainBuddy.htm
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In Onemac <[email protected]> hunted and pecked:
Ok, yea, lots of good info here, thanx. Here is the only error
showing in the event viewer:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 2/18/2005
Time: 9:33:15 PM
User: N/A
Computer: GAMER-NGHUI03WC
Description:
The ZESOFT service failed to start due to the following error:
The system cannot find the file specified.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
The link here was very general. I have no idea what ZESOFT is.
Am going to look for it as soon as I'm done here. Thanx.
Scott.
:
No need for screen shots from the Event Viewer. Click the
Copy button and paste into Notepad or a message....
Event ID & the Event Source are very important.
To open the Event Viewer...
Start | Run | Type: eventvwr | OK
For any Events that seem related to the problem...
Double click the event in Event Viewer | Click: the button
below the second arrow (looks like two pages) [[Copies the
details of the event to the Clipboard.]] | Paste into Notepad
Click:
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Read all info | Copy and paste to Notepad | Click the [+]
Related Knowledge Base articles | Follow any links that might
be useful
HOW TO: View and Manage Event Logs in Event Viewer in Windows
XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308427
-----
The bootlog is called Ntbtlog.txt.
Located here >>
%systemroot%\Ntbtlog.txt or C:\WINDOWS\Ntbtlog.txt
To open Ntbtlog.txt...
Start | Run | Paste this in the box:
%systemroot%\Ntbtlog.txt
Click OK.
-----
You don't really need to access Dr. Watson...
Dr. Watson also records an entry in the Event Viewer
Application Log containing the program name, date, time,
exception number, exception name, program counter, and
function name at the current program counter, as well as the
complete diagnostic information that was logged for that
error.
-----
You can chase your tail for a long time with Dr. Watson.
Dr. Watson overview
http://www.microsoft.com/resources/.../xp/all/proddocs/en-us/drwatson_overview.mspx
Setting up Dr. Watson
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/drwatson_setup.mspx
Working with Dr. Watson
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/drwatson_options.mspx
Using Dr. Watson
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/app_dr_watson.mspx
Using the Dr. Watson log file
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/drwatson_logfile.mspx
How to Install Symbols for Dr. Watson Error Debugging
http://support.microsoft.com/default.aspx?scid=kb;en-us;141465
HOWTO: Use Rebase to Extract Symbols for DrWtSn32.exe
http://support.microsoft.com/default.aspx?scid=kb;en-us;258205
As near as I can tell, Dr Watson is virtually worthless
without the symbols.
Download Windows Symbol Packages
http://www.microsoft.com/whdc/ddk/debugging/symbolpkg.mspx#Windows symbol packages
Dr. Watson Fails to Appear Because of Long File Names in Path
http://support.microsoft.com/kb/q175644/
Dr. Watson Does Not Run with Certain Extensible Counters
http://support.microsoft.com/kb/q234860/
Dr. Watson Causing Fault in USER32
http://support.microsoft.com/kb/q175875/
Random Dr. Watson Errors in Services.exe
http://support.microsoft.com/kb/q219602/
Error 87 and Dr. Watson
http://support.microsoft.com/kb/q162623/
Interpreting DrWtsn32.log File to Identify Program Crash Data
http://support.microsoft.com/kb/q246084/
Dr. Watson Log File May Not Contain Task List
http://support.microsoft.com/default.aspx?scid=kb;en-us;214791
Specifying the Debugger for Unhandled User Mode Exceptions
http://support.microsoft.com/kb/q121434/
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In Onemac <[email protected]> hunted and pecked:
XP Home sp2 Build2600.
At startup I get this error message: Error: loader couldn't
initial service. Dr Watson is not logging anything and there
is no entry in Event Viewer. System appears stable, haven't
found any non-responsive programs (yet).
I have screen shots saved of the Event Viewer but not sure
if I can even post them here. Can I?
I enabled boot logging but was unable to locate the log
file. Think that would help?
Also, in Windows help, Dr watson is said to need certain
tools from the XP Home CD. These are supposed to be in:
Support\Debug\i386. Well, the disk does not have that
address. I see them at: Support\Tools and the read me says
to load this as a program. I'm confused about this. Please
help. Thanx.
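
One way to triage an Ntbtlog.txt like the one posted in this thread, added here as an example and not written by anyone in the thread: it lists loaded drivers whose path is outside system32\drivers and drivers that were only ever reported as "Did not load". The sample log is constructed from lines of the posted log; the `KERNEL_IMAGES` allowlist and the path heuristic are assumptions of this example, and a flagged entry is a prompt to check the file, not a verdict.

```python
import re

# Constructed sample in the Ntbtlog.txt format shown in the thread.
SAMPLE_NTBTLOG = r"""Service Pack 2 2 19 2005 09:52:07.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver ACPI.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Loaded driver \??\C:\WINDOWS\system32\SVKP.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
"""

LINE_RE = re.compile(r"^(Loaded|Did not load) driver (.+)$")
# Assumption: core images that normally load from system32 itself.
KERNEL_IMAGES = {"ntoskrnl.exe", "hal.dll", "kdcom.dll", "bootvid.dll"}


def parse_ntbtlog(text):
    """Return (loaded, not_loaded): driver paths in log order."""
    loaded, not_loaded = [], []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header line or blank
        target = loaded if m.group(1) == "Loaded" else not_loaded
        target.append(m.group(2).strip())
    return loaded, not_loaded


def triage(text):
    """Flag drivers loaded from outside system32\\drivers and drivers never loaded."""
    loaded, not_loaded = parse_ntbtlog(text)
    loaded_names = {p.lower().rpartition("\\")[2] for p in loaded}
    review = []
    for path in dict.fromkeys(loaded):  # de-duplicate, keep log order
        directory, _, name = path.lower().rpartition("\\")
        if not directory or name in KERNEL_IMAGES:
            continue  # bare boot-driver name or known kernel image
        if not directory.endswith("\\system32\\drivers"):
            review.append(path)
    never_loaded = [p for p in dict.fromkeys(not_loaded)
                    if p.lower().rpartition("\\")[2] not in loaded_names]
    return {"review": review, "never_loaded": never_loaded}


if __name__ == "__main__":
    print(triage(SAMPLE_NTBTLOG))
```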