avast disabled, Win32:Rootkit-gen [Rtk], Win32:Malware-gen, Win32:Trojan-gen

Ok. Thank you.

Download to your desktop the zip file from here https://dl.dropbox.com/u/73555776/porq.zip

Inside that zip file are four other zip files:

system32
system32 wbem
system32 driver
Registry

Extract these four to the desktop

Open system32.zip and extract all the files to C:\windows\system32
Open system32 wbem.zip and extract the file to C:\windows\system32\wbem
Open system32 driver.zip and extract the file to C:\windows\system32\drivers
Open Registry.zip and extract all files to the desktop
Double click each .reg file in turn and allow to merge with the registry

Reboot and run FSS once more

Done.
I only had error signs with
LEGACY_SHAREDACCESS.reg
LEGACY_SRSERVICE.reg
LEGACY_WSCSVC.reg

Here's the log

Farbar Service Scanner Version: 03-03-2013
Ran by Administrator (administrator) on 08-03-2013 at 17:01:29
Running from “C:\Documents and Settings\Administrator\Desktop\ANTIVIRUS LOGS\logs 3”
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal


Internet Services:

Dnscache Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of Dnscache. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of Dnscache. The value does not exist.
Unable to retrieve ServiceDll of Dnscache. The value does not exist.
Checking LEGACY_Dnscache: ATTENTION!=====> Unable to open LEGACY_Dnscache\0000 registry key. The key does not exist.

Connection Status:

Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.

Firewall Disabled Policy:

System Restore:

Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: “C:\WINDOWS\system32\srsvc.dll”.
Checking LEGACY_Srservice: ATTENTION!=====> Unable to open LEGACY_Srservice\0000 registry key. The key does not exist.

sr Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open sr registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open sr registry key. The service key does not exist.
Checking LEGACY_sr: ATTENTION!=====> Unable to open LEGACY_sr\0000 registry key. The key does not exist.

System Restore Disabled Policy:

Security Center:

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.

Windows Update:

wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
Checking LEGACY_wuauserv: ATTENTION!=====> Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: “C:\WINDOWS\system32\svchost.exe -k netsvcs”.
The ServiceDll of EventSystem: “C:\WINDOWS\system32\es.dll”.
Checking LEGACY_EventSystem: ATTENTION!=====> Unable to open LEGACY_EventSystem\0000 registry key. The key does not exist.

Windows Autoupdate Disabled Policy:

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs: “%SystemRoot%\system32\svchost.exe -k rpcss”.

File Check:

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2008-06-20 15:00] - [2008-06-20 15:00] - 0361344 ____A (Microsoft Corporation) ACCF5A9A1FFAA490F33DBA1C632B95E1

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2013-03-08 16:54] - [2008-04-14 00:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2008-06-20 15:00] - [2008-06-20 15:00] - 0108544 ____A (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185

Extra List:

aswTdi(8) Gpc(6) IPSec(4) NetBT(5) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Getting there, Windows should generate its own legacy keys once we get it up and running

Download this registry file to the desktop https://dl.dropbox.com/u/73555776/sr.reg (you may need to right-click and select Save As)
Double click and allow to merge
Reboot and try FSS again

Done.

Farbar Service Scanner Version: 03-03-2013
Ran by Administrator (administrator) on 11-03-2013 at 09:20:08
Running from “C:\Documents and Settings\Administrator\Desktop\ANTIVIRUS LOGS\logs 3”
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal


Internet Services:

Dnscache Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of Dnscache. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of Dnscache. The value does not exist.
Unable to retrieve ServiceDll of Dnscache. The value does not exist.
Checking LEGACY_Dnscache: ATTENTION!=====> Unable to open LEGACY_Dnscache\0000 registry key. The key does not exist.

Connection Status:

Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is offline

Windows Firewall:

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.

Firewall Disabled Policy:

System Restore:

Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: “C:\WINDOWS\system32\srsvc.dll”.
Checking LEGACY_Srservice: ATTENTION!=====> Unable to open LEGACY_Srservice\0000 registry key. The key does not exist.

sr Service is not running. Checking service configuration:
The start type of sr service is OK.
The ImagePath of sr service is OK.
Checking LEGACY_sr: ATTENTION!=====> Unable to open LEGACY_sr\0000 registry key. The key does not exist.

System Restore Disabled Policy:

Security Center:

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:

wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
Checking LEGACY_wuauserv: ATTENTION!=====> Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: “C:\WINDOWS\system32\svchost.exe -k netsvcs”.
The ServiceDll of EventSystem: “C:\WINDOWS\system32\es.dll”.
Checking LEGACY_EventSystem: ATTENTION!=====> Unable to open LEGACY_EventSystem\0000 registry key. The key does not exist.

Windows Autoupdate Disabled Policy:

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs: “%SystemRoot%\system32\svchost.exe -k rpcss”.

File Check:

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2008-06-20 15:00] - [2008-06-20 15:00] - 0361344 ____A (Microsoft Corporation) ACCF5A9A1FFAA490F33DBA1C632B95E1

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2013-03-08 16:54] - [2008-04-14 00:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2008-06-20 15:00] - [2008-06-20 15:00] - 0108544 ____A (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185

Extra List:

aswTdi(8) Gpc(6) IPSec(4) NetBT(5) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
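The two FSS logs above differ in exactly one place that matters (the sr service key now exists), but spotting that by eye in two long logs is error-prone. The following is an added example (not FSS's own code, and not something posted in the thread) that parses FSS output into per-service findings, diffs two runs, and separates files FSS verified ("MD5 is legit") from files it only listed with a hash. The excerpts are copied from the two logs above; the parsing rules are this example's own assumptions about the log format.

```python
"""Parse Farbar Service Scanner (FSS) output and diff two runs.
Added example; parsing rules are assumptions about the FSS format."""
import re

# Excerpt of the 08-03-2013 log above (before sr.reg was merged).
LOG_BEFORE = r"""
Dnscache Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of Dnscache. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of Dnscache. The value does not exist.
Unable to retrieve ServiceDll of Dnscache. The value does not exist.
Checking LEGACY_Dnscache: ATTENTION!=====> Unable to open LEGACY_Dnscache\0000 registry key. The key does not exist.

sr Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open sr registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open sr registry key. The service key does not exist.
Checking LEGACY_sr: ATTENTION!=====> Unable to open LEGACY_sr\0000 registry key. The key does not exist.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.

File Check:

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2008-06-20 15:00] - [2008-06-20 15:00] - 0361344 ____A (Microsoft Corporation) ACCF5A9A1FFAA490F33DBA1C632B95E1
"""

# Excerpt of the 11-03-2013 log above (after the merge): sr's own key exists now.
LOG_AFTER = r"""
Dnscache Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of Dnscache. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of Dnscache. The value does not exist.
Unable to retrieve ServiceDll of Dnscache. The value does not exist.
Checking LEGACY_Dnscache: ATTENTION!=====> Unable to open LEGACY_Dnscache\0000 registry key. The key does not exist.

sr Service is not running. Checking service configuration:
The start type of sr service is OK.
The ImagePath of sr service is OK.
Checking LEGACY_sr: ATTENTION!=====> Unable to open LEGACY_sr\0000 registry key. The key does not exist.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
"""

SERVICE_HDR = re.compile(r"^(\S+) Service is (not running|running)\.")
ATTENTION = re.compile(r"ATTENTION!=+>")
NONDEFAULT_START = re.compile(r"start type of \S+ service is set to \w+\. The default start type is \w+\.")
FILE_LEGIT = re.compile(r"^(C:\\.+?) => MD5 is legit$")
FILE_DETAIL = re.compile(r"^\[.+?\] - \[.+?\] - \d+ \S+ \(.*\) ([0-9A-Fa-f]{32})$")


def parse_fss(text):
    """Return {'services': {name: {running, findings}}, 'files': {path: 'legit'|md5}}."""
    services, files = {}, {}
    current = pending_file = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_HDR.match(line)
        if m:                                   # "X Service is not running. Checking ..."
            current = m.group(1)
            services[current] = {"running": m.group(2) == "running", "findings": []}
            continue
        if line.endswith(":"):                  # section header such as "File Check:"
            current = None
            continue
        if current is not None:                 # lines belonging to the current service
            if ATTENTION.search(line) or line.startswith("Unable to") or NONDEFAULT_START.search(line):
                services[current]["findings"].append(line)
            continue
        m = FILE_LEGIT.match(line)
        if m:
            files[m.group(1)] = "legit"
        elif line.startswith("C:\\"):           # unverified file: hash follows on the next line
            pending_file = line
        else:
            m = FILE_DETAIL.match(line)
            if m and pending_file:
                files[pending_file] = m.group(1).upper()
                pending_file = None
    return {"services": services, "files": files}


def unresolved(report):
    """Services that still carry findings after a run."""
    return {n: s["findings"] for n, s in report["services"].items() if s["findings"]}


def compare(before, after):
    """Findings that disappeared between two runs, and any that appeared."""
    resolved, introduced = [], []
    for name in sorted(set(before["services"]) | set(after["services"])):
        b = set(before["services"].get(name, {"findings": []})["findings"])
        a = set(after["services"].get(name, {"findings": []})["findings"])
        resolved += [(name, f) for f in sorted(b - a)]
        introduced += [(name, f) for f in sorted(a - b)]
    return resolved, introduced
```

Running `compare(parse_fss(LOG_BEFORE), parse_fss(LOG_AFTER))` reports the two sr findings (Start type and ImagePath) as resolved and nothing new, while `unresolved` still lists Dnscache, sr's LEGACY_ key and the non-default BITS start type; files that FSS lists with a hash rather than "MD5 is legit" (tcpip.sys here) are kept separately so the hash can be looked up by hand.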

OK this should be the last registry key

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,53,00,65,00,72,00,76,\
  00,69,00,63,00,65,00,00,00
"DisplayName"="DNS Client"
"Group"="TDI"
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="NT AUTHORITY\\NetworkService"
"Description"="Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00,\
  00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,78,00,05,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  23,02,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,2c,\
  02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,\
  00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,\
  00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Enum]
"0"="Root\\LEGACY_DNSCACHE\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Try Combofix again… Allow it to update if requested

Done
Here's the log attached

Combofix again is “attempting to create a new restore point” in the blue screen

http://i45.tinypic.com/2qx0xf8.jpg

Could you go Start > Run and type in the following (or copy and paste) :

rundll32.exe advpack.dll,LaunchINFSection %Windir%\Inf\sr.inf

Then see if Combofix can set a restore point

After entering this in "Run", I got this sign

http://i45.tinypic.com/3502ws2.jpg

Ran Combofix and the "Attempting to create a new System Restore point" happened

Download this file https://dl.dropbox.com/u/73555776/sr.inf place it in the C:\Windows\inf folder (you may need to show hidden files)
Then right-click the file and select Install.

Your system seems to be badly damaged, and it may be time to either do a repair install or a full reformat

I see.

What's a "repair install", please?

The sr.inf asks me for an installation CD that I don't have

Unfortunately for a repair install you need a CD

Thank you!

To run a repair install see here http://www.geekstogo.com/forum/topic/138-how-to-repair-windows-xp/