
XP booting but useless


  • This topic is locked
15 replies to this topic

#1 adrayton

adrayton

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 17 April 2012 - 10:21 AM

Hi,

My girlfriend's computer apparently "turned itself off" over the weekend and ever since it has been unable to connect to the internet, launch any programs or really do anything.

It boots fine but seems to fall short of loading everything once at desktop level. Microsoft Security Essentials comes up with the red cross and says it "isn't monitoring your computer because the program's service stopped". When I click to start the service it says it "couldn't start the security Essentials service. The dependency service or group failed to start. Error code: 0x8007042c"

I've tried launching System Restore too, and that returns the error "System Restore is not able to protect your computer. Please restart your computer, and then run system restore again".

Network Connections in control panel show up nothing so I can't connect to either Wi-Fi or ethernet.

All of this is the same in both normal and Safe Boot.

The OS is XP Home Edition SP3 and it's a Compaq mini netbook.

Thanks in advance for any help and I apologise if I've not included any info I should have (first time poster!!)

Andy

Edited by adrayton, 17 April 2012 - 10:23 AM.




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:09 PM

Posted 17 April 2012 - 10:32 AM

What happens when you launch a program?

Try this

Copy this tool from a clean PC to the infected one

http://www.raktor.net/exeHelper/exeHelper.com

Double-click on exeHelper.com to run the fix.

A black window should pop up, press any key to close once the fix is completed.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Edited by narenxp, 17 April 2012 - 10:35 AM.


#3 adrayton

adrayton
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 17 April 2012 - 11:01 AM

Thank you for your speedy response!

Here are the results...

Farbar Service Scanner Version: 16-04-2012
Ran by Janey (administrator) on 17-04-2012 at 16:59:19
Running from "D:\rkill\New folder"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

netman Service is not running. Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".

cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.


Windows Autoupdate Disabled Policy:
============================

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs: "%SystemRoot%\system32\svchost.exe -k rpcss".
The ServiceDll of RpcSs service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
Attention! C:\WINDOWS\system32\svchost.exe is missing.
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) waclient(8)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Thanks again,

Andy

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:09 PM

Posted 17 April 2012 - 01:42 PM

Launch FSS again and type

svchost.exe in search box and click on search files

Post the generated log

Edited by narenxp, 17 April 2012 - 01:42 PM.


#5 adrayton

adrayton
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 17 April 2012 - 03:01 PM

Thanks again for your reply. Here's the log...

Farbar Service Scanner Version: 16-04-2012
Ran by Janey (administrator) on 17-04-2012 at 20:57:31
Microsoft Windows XP Service Pack 3 (X86)

************************************************
======== Search: "svchost.exe" =========

C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2012-04-16 17:59] - [2012-04-04 15:56] - 0199240 ____A () 097D0E812D7A9A3101CE46CB2BE0474D

====== End Of Search ======

Andy

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:09 PM

Posted 17 April 2012 - 08:54 PM

Do you have the XP OS CD with you?

You're missing important system files

Insert the CD

Press Windows+R key and type

sfc /scannow

Allow the scan to run

Now run FSS again and post the log

good luck

#7 adrayton

adrayton
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 18 April 2012 - 01:52 AM

Unfortunately it did not come with the installation cd and it has no optical drive!

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:09 PM

Posted 18 April 2012 - 02:57 AM

oops !

Press Windows+R key and type

c:\windows\system32\restore\rstrui.exe

and click OK, now create a restore point

Download


Copy the file to the C:/WINDOWS/SYSTEM32 folder

Restart the PC and post the new FSS log

good luck

Edited by narenxp, 18 April 2012 - 03:24 AM.


#9 adrayton

adrayton
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 18 April 2012 - 03:20 AM

Even more unfortunately I cannot run System Restore (see error in first post) and after downloading the file on my good laptop, and copying it to my pendrive, I cannot copy on the infected P.C!!!

If I try to drag any icons around on the desktop in an explorer window they do not react. If I right click and select cut or copy I do not receive the paste option when right clicking in again. Ctrl C/X and Ctrl V has the same outcome.

Not looking good this, is it?!?

Thanks a lot,

Andy

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:09 PM

Posted 18 April 2012 - 03:24 AM

We have to take a deeper look

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#11 adrayton

adrayton
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 18 April 2012 - 04:02 AM

Thanks a lot for your help. I've started a new topic here...

http://www.bleepingcomputer.com/forums/topic450511.html/page__gopid__2669532#entry2669532

Andy

#12 adrayton

adrayton
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 18 April 2012 - 05:53 AM

I've just figured out that if I add things to a zipped folder I still get the option to extract them to any directory I like on the infected P.C, therefore getting around the copy and paste problem.

I've added the svchost to the system32 folder, rebooted and here is the new FSS log

Farbar Service Scanner Version: 16-04-2012
Ran by Janey (administrator) on 18-04-2012 at 11:51:43
Running from "D:\rkill\New folder"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

netman Service is not running. Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".

cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.


Windows Autoupdate Disabled Policy:
============================

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs: "%SystemRoot%\system32\svchost.exe -k rpcss".
The ServiceDll of RpcSs service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe
[2012-04-18 09:12] - [2012-04-18 09:12] - 0007278 ____A () 115CAD555F7D81DE53015F018875FA4D

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(6) PSched(7) Tcpip(3) waclient(8)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
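
Added example, not part of the original thread and not Farbar Service Scanner's own code: Python that parses the "File Check" section of FSS logs like the two posted above and lists the entries that did not receive an "MD5 is legit" verdict (the missing svchost.exe in post #3, and the svchost.exe listed with only a size and MD5 in post #12). The function names and the trimmed sample logs are constructed for illustration; the line formats are assumed from the logs in this thread.

```python
import re

# Constructed samples: a few lines in the File Check format of the logs above.
SAMPLE_BEFORE = r"""File Check:
========
C:\WINDOWS\system32\es.dll => MD5 is legit
Attention! C:\WINDOWS\system32\svchost.exe is missing.
C:\WINDOWS\system32\services.exe => MD5 is legit
"""
SAMPLE_AFTER = r"""File Check:
========
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe
[2012-04-18 09:12] - [2012-04-18 09:12] - 0007278 ____A () 115CAD555F7D81DE53015F018875FA4D

C:\WINDOWS\system32\services.exe => MD5 is legit
"""

LEGIT = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
MISSING = re.compile(r"^Attention! (?P<path>[A-Za-z]:\\.+?) is missing\.$")
BARE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*)$")  # path printed with no verdict
DETAIL = re.compile(
    r"^\[.+?\] - \[.+?\] - (?P<size>\d+) \S+ \(.*?\) (?P<md5>[0-9A-Fa-f]{32})$")

def parse_file_check(log_text):
    """Return {lowercased path: record} for the File Check section of one log."""
    results, in_section, pending = {}, False, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "File Check:":
            in_section = True
            continue
        if not in_section or not line or set(line) == {"="}:
            continue
        if line.endswith(":"):          # next section header, e.g. "Extra List:"
            break
        if (m := LEGIT.match(line)):
            results[m["path"].lower()] = {"status": "legit"}
        elif (m := MISSING.match(line)):
            results[m["path"].lower()] = {"status": "missing"}
        elif (m := DETAIL.match(line)) and pending:
            results[pending].update(size=int(m["size"]), md5=m["md5"].upper())
        elif (m := BARE.match(line)):   # no verdict: details follow on next line
            pending = m["path"].lower()
            results[pending] = {"status": "unverified"}
    return results

def needs_review(log_text):
    """Entries FSS did not confirm: missing files and files without a verdict."""
    return {p: r for p, r in parse_file_check(log_text).items()
            if r["status"] != "legit"}
```

Running `needs_review` on each log a helper receives makes it hard to overlook a system file that reappears without the "MD5 is legit" line.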

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:09 PM

Posted 18 April 2012 - 06:07 AM

As you have created a topic in the other forum, wait for a malware expert to assist you soon

good luck

#14 adrayton

adrayton
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 18 April 2012 - 06:09 AM

Ok, many thanks.

Andy

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:09 PM

Posted 18 April 2012 - 06:10 AM

You're welcome



