Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows XP programs will only work in safe mode


  • Please log in to reply
13 replies to this topic

#1 Andy_viking

Andy_viking

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 03 December 2013 - 09:57 AM

Hi.

 

I have a HP dx2400 PC, Intel Core 2 duo E7400 processor, 3.25GB ram, running XPSP3.

 

Until yesterday it appeared to be working perfectly. I installed nothing yesterday and noticed no unusual behaviour. When I booted up this morning the CAD drawing package that I use daily would not start and gave an error message saying that it could not find its security dongle. I tried to run Firefox, this started and then immediately froze, locking the pc so I had to restart from the power button. The same happens with Thunderbird and any other exe files I try. When I look in explorer at 'My Computer' I just get the egg timer and it will not show any files.

 

Everything works fine in safe mode, except the CAD software, however this uses a serial dongle on an expansion card so it may not work in safe mode anyway.

 

In safe mode I ran Malwarebytes and it found certain items which were removed. This made no difference. I have run full scans with stinger, spybot S&D and Avast antivirus, all report no errors.

 

I use the CAD software as a self employed designer so i am pretty desparate to get it up and running again. I would appreciate any help or advice please!!

 

Many thanks in advance,

Andy.



BC AdBot (Login to Remove)

 


#2 Andy_viking

Andy_viking
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 03 December 2013 - 10:23 AM

Okay, I have just been into MSCONFIG (in safe mode) and set it to Diagnostic Start Up and everything works fine in normal mode!!!

 

So I guess it is one of the 'turned off' startup items that is causing the problem.........

 

I'll try turning them on, one by one and restarting.

 

 

EDIT:-

 

It is not related to startup items, but is definitely related to Services. If I enable all services the problem is there, if I disable all services the problem is gone............


Edited by Andy_viking, 03 December 2013 - 01:15 PM.


#3 Andy_viking

Andy_viking
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 04 December 2013 - 06:38 AM

So, is there any way to find the corrupt or infected service, please?

 

There are far too many to activate one at a time and keep retrying......



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:03 AM

Posted 05 December 2013 - 12:24 AM

Ok lets run this first.
 
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Andy_viking

Andy_viking
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 05 December 2013 - 04:07 AM

Okay, thank you, here is the log file:-

 

Farbar Service Scanner Version: 23-11-2013
Ran by Andy (administrator) on 05-12-2013 at 09:02:45
Running from "C:\Documents and Settings\Andy\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:03 AM

Posted 05 December 2013 - 11:38 AM

Let do this and see about the services.

Download


http://kb.eset.com/library/ESET/KB Team Only/Malware/ServicesRepair.exe

Run it,restart the PC

Post the new FSS log
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Andy_viking

Andy_viking
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 05 December 2013 - 11:43 AM

I tried but I get a 404 error from that link.......



#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:03 AM

Posted 05 December 2013 - 12:38 PM

http://kb.eset-la.com/esetkb/index?page=content&id=SOLN2861&locale=en_US
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Andy_viking

Andy_viking
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 05 December 2013 - 12:48 PM

Okay, ran servicesrepair and then FBS, here is the new log. Note, during this process something turned windows firewall off.

 

Farbar Service Scanner Version: 23-11-2013
Ran by Andy (administrator) on 05-12-2013 at 17:44:49
Running from "C:\Documents and Settings\Andy\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****



#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:03 AM

Posted 05 December 2013 - 02:59 PM

OK, Let's see how we are after this...

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

p22002979.gif



Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22002980.gif


Go to Step 4 and under "System Restore" click on Create button:

p22002982.gif


Go to Start Repairs tab and click Start button.

Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

p22003030.gif

Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 Andy_viking

Andy_viking
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 06 December 2013 - 05:40 AM

One difference I have noticed since running the repair:- When browsing From My Computer to C drive it would always hang for about a minute, now it seems to open C drive immediately.

 

Here is the windows repair log.

 

Starting Repairs...
   Start (05/12/2013 20:31:00)

01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (05/12/2013 20:31:00)
   Running Repair Under Current User Account
   Done (05/12/2013 20:31:03)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (05/12/2013 20:31:03)
   Running Repair Under System Account
   Done (05/12/2013 20:31:35)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (05/12/2013 20:31:35)
   Running Repair Under System Account
   Done (05/12/2013 20:31:56)

03 - Register System Files
   Start (05/12/2013 20:31:56)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:33:55)

04 - Repair WMI
   Start (05/12/2013 20:33:55)
   Running Repair Under Current User Account
   Done (05/12/2013 20:36:09)

05 - Repair Windows Firewall
   Start (05/12/2013 20:36:09)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:36:19)

06 - Repair Internet Explorer
   Start (05/12/2013 20:36:19)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:38:22)

07 - Repair MDAC/MS Jet
   Start (05/12/2013 20:38:22)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:38:33)

08 - Repair Hosts File
   Start (05/12/2013 20:38:33)
   Running Repair Under System Account
   Done (05/12/2013 20:38:35)

09 - Remove Policies Set By Infections
   Start (05/12/2013 20:38:35)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:38:40)

11 - Repair Icons
   Start (05/12/2013 20:38:40)
   Running Repair Under System Account
   Done (05/12/2013 20:38:42)

12 - Repair Winsock & DNS Cache
   Start (05/12/2013 20:38:42)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:38:50)

14 - Repair Proxy Settings
   Start (05/12/2013 20:38:50)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:38:55)

16 - Repair Windows Updates
   Start (05/12/2013 20:38:55)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:39:22)

17 - Repair CD/DVD Missing/Not Working
   Start (05/12/2013 20:39:22)
   Done (05/12/2013 20:39:22)

18 - Repair Volume Shadow Copy Service
   Start (05/12/2013 20:39:22)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:39:38)

20 - Repair MSI (Windows Installer)
   Start (05/12/2013 20:39:38)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:39:51)

22.01 - Repair bat Association
   Start (05/12/2013 20:39:51)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:39:55)

22.02 - Repair cmd Association
   Start (05/12/2013 20:39:55)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:40:00)

22.03 - Repair com Association
   Start (05/12/2013 20:40:00)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:40:04)

22.04 - Repair Directory Association
   Start (05/12/2013 20:40:04)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:40:09)

22.05 - Repair Drive Association
   Start (05/12/2013 20:40:09)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:40:14)

22.06 - Repair exe Association
   Start (05/12/2013 20:40:14)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:40:18)

22.07 - Repair Folder Association
   Start (05/12/2013 20:40:18)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:40:23)

22.08 - Repair inf Association
   Start (05/12/2013 20:40:23)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:40:27)

22.09 - Repair lnk (Shortcuts) Association
   Start (05/12/2013 20:40:27)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:40:32)

22.10 - Repair msc Association
   Start (05/12/2013 20:40:32)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:40:36)

22.11 - Repair reg Association
   Start (05/12/2013 20:40:36)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:40:41)

22.12 - Repair scr Association
   Start (05/12/2013 20:40:41)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:40:45)

23 - Repair Windows Safe Mode
   Start (05/12/2013 20:40:45)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:40:50)

24 - Repair Print Spooler
   Start (05/12/2013 20:40:50)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:41:05)

25 - Restore Important Windows Services
   Start (05/12/2013 20:41:05)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:41:09)

26 - Set Windows Services To Default Startup
   Start (05/12/2013 20:41:09)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (05/12/2013 20:41:24)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 5.1

Cleaning up empty logs...

All Selected Repairs Done.
   Done (05/12/2013 20:41:24)
   Total Repair Time: 00:10:24


...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account
 



#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:03 AM

Posted 06 December 2013 - 11:04 AM

Make sure your firewall is on now.
If not turn it on.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 Andy_viking

Andy_viking
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 06 December 2013 - 11:07 AM

Firewall is on.

 

Thank you!



#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:03 AM

Posted 06 December 2013 - 11:09 AM

you are welcome!!

:thumbup2:


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users