Since Malware removal, cannot access files & programmes



#31
GrahamH

GrahamH

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
I've got as far as trying to type 0xffffffff in the Value Data Field. It won't accept an x but I can type 0ffffffff.
  • 0


#32
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Just put in the F's.

0x just means hex.
  • 0

#33
GrahamH

GrahamH

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Hit a problem.

Windows Resource Kits\Tools is in Programme Files (x86). So when I pasted the copied lines it said "the system cannot find the path specified". I tried to manually type in Programme files (x86) but the same message came up. Is it sensitive to spaces etc?
  • 0

#34
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Needs the quotation marks so if it's really in Programme Files (x86) then it would be

cd "\Programme Files (x86)\Windows Resource Kits\Tools"
reset.cmd


You can also probably use progra~1 instead of Programme Files (x86)

cd progra~1
cd "Windows Resource Kits\Tools"
reset.cmd
  • 0

#35
GrahamH

GrahamH

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Still no success.

Tried to do a print screen of Command Prompt but it wouldn't save in Paint.

Have tried both \Programme files (x86) and Progra~1 and both came up as "system cannot find specified path".

After reset.cmd it says " reset.cmd" is not recognised as an internal or external command, operable programme or batch file.
  • 0

#36
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
If I look at your OTL log I see:

C:\Program Files (x86) and not C:\Programme Files (x86)


so try

cd "\Program Files (x86)\Windows Resource Kits\Tools"
reset.cmd
  • 0

#37
GrahamH

GrahamH

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
OK the first line with program instead of programme seems to be OK now but it is still not recognising reset.cmd as a valid input.
  • 0

#38
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Did you unzip the reset.zip to get the reset.cmd file? Did you move reset.cmd to your "\Program Files (x86)\Windows Resource Kits\Tools" folder?
  • 0

#39
GrahamH

GrahamH

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Sorry Ron. This exercise is taking my computing skills to new territory!

I've unzipped reset.zip so that it appears on the right as reset.cmd. I then highlight it and click on extract. In Extract options, "Extract to this location" I've got C:\Program Files (x86)\Windows Resource Kits\Tools

Should Extract files to a new folder (\reset) be checked?

What should be selected in Content and File conflicts?

If you let me know about these queries I'll give it a go later but will then need to log off until tomorrow.

Thanks for your patience!
  • 0

#40
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

Should Extract files to a new folder (\reset) be checked?


No. We want reset.cmd to be in C:\Program Files (x86)\Windows Resource Kits\Tools

Content and File conflicts?


Shouldn't matter as there should be no conflicts.
  • 0


#41
GrahamH

GrahamH

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Successfully ran reset.cmd then rebooted and ran VEW.exe.

Here are the logs:-

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 18/09/2013 13:04:58

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/09/2013 22:03:27
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16686, time stamp: 0x52058cf0 Faulting module name: vbscript.dll, version: 5.8.9200.16521, time stamp: 0x512080e8 Exception code: 0xc0000005 Fault offset: 0x00005349 Faulting process id: 0x1960 Faulting application start time: 0x01ceb3ed3899428f Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\SysWow64\vbscript.dll Report Id: fa82bc70-1fe4-11e3-aacb-a4badbcb00d5

Log: 'Application' Date/Time: 17/09/2013 21:40:14
Type: Error Category: 0
Event: 1043 Source: MsiInstaller
Failed to end a Windows Installer transaction {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}. Error 1622 occurred while ending the transaction.

Log: 'Application' Date/Time: 17/09/2013 21:39:41
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 17/09/2013 21:39:40
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 17/09/2013 15:34:25
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 17/09/2013 15:34:24
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 17/09/2013 13:21:33
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16686, time stamp: 0x52058cf0 Faulting module name: vbscript.dll, version: 5.8.9200.16521, time stamp: 0x512080e8 Exception code: 0xc0000005 Fault offset: 0x00005349 Faulting process id: 0x18cc Faulting application start time: 0x01ceb3a8d2b8840d Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\SysWow64\vbscript.dll Report Id: 120fa5b1-1f9c-11e3-aa21-a4badbcb00d5

Log: 'Application' Date/Time: 17/09/2013 13:21:29
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16686, time stamp: 0x52058cf0 Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072 Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id: 0x1a40 Faulting application start time: 0x01ceb3a8ca969ce1 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 0f233130-1f9c-11e3-aa21-a4badbcb00d5

Log: 'Application' Date/Time: 17/09/2013 13:21:08
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16686, time stamp: 0x52058cf0 Faulting module name: vbscript.dll, version: 5.8.9200.16521, time stamp: 0x512080e8 Exception code: 0xc0000005 Fault offset: 0x00005349 Faulting process id: 0xf00 Faulting application start time: 0x01ceb3a8c35b80a6 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\SysWow64\vbscript.dll Report Id: 02c3fdb7-1f9c-11e3-aa21-a4badbcb00d5

Log: 'Application' Date/Time: 17/09/2013 13:20:29
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16686, time stamp: 0x52058cf0 Faulting module name: vbscript.dll, version: 5.8.9200.16521, time stamp: 0x512080e8 Exception code: 0xc0000005 Fault offset: 0x00005349 Faulting process id: 0x9f8 Faulting application start time: 0x01ceb3a817cc156b Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\SysWow64\vbscript.dll Report Id: ebcf96ac-1f9b-11e3-aa21-a4badbcb00d5

Log: 'Application' Date/Time: 17/09/2013 12:21:11
Type: Error Category: 0
Event: 1101 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8


Log: 'Application' Date/Time: 17/09/2013 12:21:10
Type: Error Category: 0
Event: 1101 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8


Log: 'Application' Date/Time: 17/09/2013 11:40:56
Type: Error Category: 0
Event: 1024 Source: MsiInstaller
Product: Microsoft Office Click-to-Run 2010 - Update 'Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Log: 'Application' Date/Time: 17/09/2013 11:40:49
Type: Error Category: 0
Event: 1024 Source: MsiInstaller
Product: Microsoft Office Professional Plus 2010 - Update 'Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Log: 'Application' Date/Time: 17/09/2013 11:40:38
Type: Error Category: 0
Event: 1043 Source: MsiInstaller
Failed to end a Windows Installer transaction C:\Windows\Installer\1bbc723.msi. Error 1622 occurred while ending the transaction.

Log: 'Application' Date/Time: 17/09/2013 11:40:30
Type: Error Category: 0
Event: 1043 Source: MsiInstaller
Failed to end a Windows Installer transaction C:\Windows\Installer\1bbc723.msi. Error 1622 occurred while ending the transaction.

Log: 'Application' Date/Time: 17/09/2013 11:39:46
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 17/09/2013 11:39:45
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 16/09/2013 16:29:59
Type: Error Category: 0
Event: 11711 Source: MsiInstaller
Product: Microsoft Fix it 50409 -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.

Log: 'Application' Date/Time: 16/09/2013 16:29:57
Type: Error Category: 0
Event: 10005 Source: MsiInstaller
Product: Microsoft Fix it 50409 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2738. The arguments are: , ,

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/09/2013 12:05:17
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{c2247e9d-8f60-11df-9d02-a4badbcb00d5}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 18/09/2013 11:55:57
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=E04}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: MARION-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 18/09/2013 11:55:42
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=E04}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 18/09/2013 10:54:35
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...

Log: 'Application' Date/Time: 18/09/2013 10:54:35
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 18/09/2013 10:53:50
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{c2247e9d-8f60-11df-9d02-a4badbcb00d5}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 18/09/2013 10:44:27
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=D98}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: MARION-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 18/09/2013 10:44:19
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=D98}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 17/09/2013 21:39:42
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{c2247e9d-8f60-11df-9d02-a4badbcb00d5}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Automatically choosing a diff-area volume
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 17/09/2013 21:39:42
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{c2247e9d-8f60-11df-9d02-a4badbcb00d5}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Automatically choosing a diff-area volume
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 17/09/2013 21:39:27
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{c2247e9d-8f60-11df-9d02-a4badbcb00d5}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 17/09/2013 21:37:27
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...

Log: 'Application' Date/Time: 17/09/2013 21:37:27
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 17/09/2013 21:27:22
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=B7C}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: MARION-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 17/09/2013 21:27:15
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=B7C}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 17/09/2013 17:24:54
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{c2247e9d-8f60-11df-9d02-a4badbcb00d5}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 17/09/2013 16:24:54
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{c2247e9d-8f60-11df-9d02-a4badbcb00d5}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 17/09/2013 15:34:26
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{c2247e9d-8f60-11df-9d02-a4badbcb00d5}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Automatically choosing a diff-area volume
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 17/09/2013 15:34:26
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{c2247e9d-8f60-11df-9d02-a4badbcb00d5}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Automatically choosing a diff-area volume
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 17/09/2013 15:34:13
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{c2247e9d-8f60-11df-9d02-a4badbcb00d5}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 18/09/2013 13:05:51

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/08/2013 20:05:02
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/07/2013 21:12:47
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/06/2013 10:43:11
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/06/2013 19:26:52
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/09/2013 12:02:05
Type: Error Category: 0
Event: 10001 Source: Microsoft-Windows-DistributedCOM
Unable to start a DCOM Server: {7AB36653-1796-484B-BDFA-E74F1DB7C1DC} as /. The error: "5" Happened while starting this command: "C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding

Log: 'System' Date/Time: 18/09/2013 11:57:40
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 11:57:40
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 11:57:39
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 11:57:39
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 11:57:40
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 18/09/2013 11:57:39
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 18/09/2013 11:57:29
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 11:57:29
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 11:57:29
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 18/09/2013 11:53:44
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 11:53:44
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 11:53:44
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 18/09/2013 11:17:24
Type: Error Category: 0
Event: 31004 Source: Microsoft-Windows-SharedAccess_NAT
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Log: 'System' Date/Time: 18/09/2013 10:47:42
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 10:47:42
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 10:47:42
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 10:47:42
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 10:47:42
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 18/09/2013 10:47:42
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/09/2013 11:53:46
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 18/09/2013 11:53:46
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 17/09/2013 22:29:39
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/09/2013 22:29:39
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 17/09/2013 21:40:09
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 17/09/2013 21:40:09
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 17/09/2013 21:40:09
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 17/09/2013 18:33:35
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/09/2013 18:33:35
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 17/09/2013 13:17:56
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_091E&PID_455B\0000e6002c71.

Log: 'System' Date/Time: 17/09/2013 11:43:13
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SAMSUNG&PROD_S5830I_CARD&REV_0000#7&2B6F9F3C&0&0123456789ABCDEF&0#.

Log: 'System' Date/Time: 17/09/2013 10:48:30
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/09/2013 10:48:30
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 17/09/2013 10:19:50
Type: Warning Category: 0
Event: 34005 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 was unable to allocate  bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Log: 'System' Date/Time: 17/09/2013 10:19:46
Type: Warning Category: 0
Event: 34005 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 was unable to allocate  bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Log: 'System' Date/Time: 16/09/2013 17:18:50
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 16/09/2013 17:18:49
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 16/09/2013 15:01:49
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 16/09/2013 13:09:42
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_05AC&PID_129E&MI_00\0.

Log: 'System' Date/Time: 16/09/2013 12:03:11
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
  • 0
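
A report this long is easier to triage once the repeated entries are grouped. The following is an added example, not part of the original thread and not part of VEW: a Python parser for this text layout that counts events by log, type, source and event ID and marks groups whose message reports denied access. The names `parse_vew`, `summarize` and `SAMPLE` are chosen here, and the sample is a shortened excerpt in the layout of the report above.

```python
import re
from collections import defaultdict
from datetime import datetime

# SAMPLE: shortened excerpt in the layout of the VEW report above (dates dd/mm/yyyy).
SAMPLE = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/09/2013 21:40:14
Type: Error Category: 0
Event: 1043 Source: MsiInstaller
Failed to end a Windows Installer transaction. Error 1622 occurred while ending the transaction.

Log: 'Application' Date/Time: 17/09/2013 21:39:41
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 17/09/2013 15:34:25
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

System Error:
Access is denied. .

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/09/2013 12:05:17
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume.

Vino's Event Viewer v01c run on Windows 2008 in English
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/08/2013 20:05:02
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.
"""

HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})$")
TYPE = re.compile(r"^Type: (\w+) Category: \d+$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+)$")
DENIED = re.compile(r"access is denied|denied access", re.IGNORECASE)


def parse_vew(text):
    """Split a VEW report into records; records missing Type/Event lines are dropped."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if head := HEADER.match(line):
            cur = {"log": head[1], "type": None, "event": None, "source": None,
                   "time": datetime.strptime(head[2], "%d/%m/%Y %H:%M:%S"), "msg": []}
            records.append(cur)
        elif line.startswith("~~~") or line.startswith("Vino's Event Viewer"):
            cur = None  # section banner or a new report: the current record is over
        elif cur is None or not line:
            continue  # report preamble, section title, or blank line inside a message
        elif cur["type"] is None and (m := TYPE.match(line)):
            cur["type"] = m[1]
        elif cur["event"] is None and (m := EVENT.match(line)):
            cur["event"], cur["source"] = int(m[1]), m[2]
        else:
            cur["msg"].append(line)  # message text may span several paragraphs
    return [r for r in records if r["type"] and r["event"] is not None]


def summarize(records):
    """Group by (log, type, source, event id); most frequent groups first."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["log"], r["type"], r["source"], r["event"])].append(r)
    rows = []
    for key, recs in groups.items():
        times = [r["time"] for r in recs]
        rows.append({"key": key, "count": len(recs), "first": min(times), "last": max(times),
                     "denied": any(DENIED.search(" ".join(r["msg"])) for r in recs)})
    return sorted(rows, key=lambda row: (-row["count"], row["key"]))


if __name__ == "__main__":
    for row in summarize(parse_vew(SAMPLE)):
        flag = "  <-- access denied" if row["denied"] else ""
        print(row["count"], *row["key"], f"{row['first']:%d/%m %H:%M}..{row['last']:%d/%m %H:%M}{flag}")
```
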

#42
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
See if you can do the procedure on http://technet.micro...7(v=ws.10).aspx
  • 0

#43
GrahamH

GrahamH

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Fell at the first hurdle.

Can't find %systemdrive%\Windows in the C drive.
  • 0

#44
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
%systemdrive%\Windows is Microsoft speak for C:\Windows
  • 0

#45
GrahamH

GrahamH

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Have carried out the procedure. However can't see "system writer" in the list of writers.

They are as follows:-

Task scheduler writer
USS Metadata store writer
Performance Counter Writer
ASR Writer
MSService search writer
WMI Writer
Registry Writer
Shadow Copy Optimisation Writer
COM & REGDB Writer
  • 0





