Web and Mail Shield won't start

Sorry - but the link for the sp2 xp download doesn’t work.

I have tried searching - but I can’t find anything…

http://www.microsoft.com/en-us/download/details.aspx?id=25129 is the cd for service pack 3. Is that any use?

http://www.2shared.com/complete/Wn3d9Jl_/WindowsXP-KB310994-SP2-Pro-Boo.html

That might do it…

Here ya go. Don’t think the console installed though.

That didn’t work for the console but I have found an XP CD. Can I grab it from there?

After combofix starts - it says it needs recovery console and asks if it can install. I say yes and it says ‘Boot Partition cannot be enumerated correctly’

OK, let’s use a different programme to check the MBR. How is the computer at the moment?

* Download RogueKiller and save it on your desktop.
* Quit all programs
* Start RogueKiller.exe.
* Wait until Prescan has finished …
* Click on Scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRScan.png

* Wait for the end of the scan.
* The report has been created on the desktop.
* Click on the Delete button.

http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRDelete.png

* The report has been created on the desktop.

* Next click on the ShortcutsFix

http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRShortcutsFix.png

* The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

OK. I’ve done that.

I actually tried the dns and host fix too. But it didn’t seem to make any difference.

I have attached the logs.

Oh and the fix shortcuts…

Nope, but it has shown an anomaly.

Download the latest version of TDSSKiller from here and save it to your Desktop.

* Double-click on TDSSKiller.exe to run the application

http://dl.dropbox.com/u/73555776/TDSSFront.JPG

* Then click on Change parameters.

http://dl.dropbox.com/u/73555776/TDSSConfig.JPG

* Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

* Click the Start Scan button.

* If a suspicious object is detected, the default action will be Skip; click on Continue.

http://dl.dropbox.com/u/73555776/TDSSFound.JPG

* If malicious objects are found, they will show in the Scan results and offer three (3) options.
* Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

* Get the report by selecting Reports

http://dl.dropbox.com/u/73555776/TDSSEnd.JPG

* Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

Well over the 10000 character limit so I have attached the log.

All your permissions are messed up by the look of it.

Download SubInACL from here http://majorgeeks.com/Microsoft_SubInACL_SubInACL.exe_d7733.html and install
Download reset.zip from here https://dl.dropbox.com/u/73555776/reset.zip
Extract reset.cmd to your desktop and run

THEN

Download Windows Repair (all in one) from this site

Install the programme then run

https://dl.dropbox.com/u/73555776/waio%20start.JPG

Go to step 3 and allow it to run SFC

https://dl.dropbox.com/u/73555776/waio%20step3.JPG

On the start repairs tab click start

https://dl.dropbox.com/u/73555776/waiostart%20rep.JPG

Select the following items and tick restart system when finished

https://dl.dropbox.com/u/73555776/waio%20rep%20list.JPG

I’ve attached the logs.

Still no joy. No Outlook or network. IE and Chrome still can’t access the net.

Avast Web and Mail Shield won’t start. (Although now the network shield is running?!?).

And the rest of the logs…

last one…

OK, it appears that shared access is not running.

Run Farbar Service Scanner

https://dl.dropbox.com/u/73555776/FSS.GIF

Tick “All” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Farbar Service Scanner Version: 06-08-2012
Ran by Administrator (administrator) on 17-08-2012 at 16:18:01
Running from "H:"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal


Internet Services:

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

Connection Status:

Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:

System Restore:

System Restore Disabled Policy:

Security Center:

Windows Update:

Windows Autoupdate Disabled Policy:

File Check:

C:\windows\system32\dhcpcsvc.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\Drivers\ipsec.sys
[2006-02-28 03:00] - [2006-02-28 08:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\netman.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\srsvc.dll => MD5 is legit
C:\windows\system32\Drivers\sr.sys => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuauserv.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit

Extra List:

aswTdi(10) Gpc(6) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000500000009000000080000000600000007000000
ATTENTION!=====> IpSec Tag value should be 4. ATTENTION!=====> IpSec Tag value is missing and it should be 4.

**** End of log ****
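
Added example, not part of the original thread and not Farbar's code: a small Python triage of an FSS.txt log like the one above, pulling out stopped services, service settings not reported OK, files listed without the "MD5 is legit" verdict, and ATTENTION warnings. The sample is constructed from lines of the posted log (abridged); the triage function, its field names and the line patterns are assumptions based only on this one log.

```python
import re

# Constructed sample: lines copied from the FSS.txt log posted above (abridged).
SAMPLE_LOG = r"""Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.

C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\Drivers\ipsec.sys
[2006-02-28 03:00] - [2006-02-28 08:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\windows\system32\dnsrslvr.dll => MD5 is legit
ATTENTION!=====> IpSec Tag value should be 4. ATTENTION!=====> IpSec Tag value is missing and it should be 4.
"""

STOPPED = re.compile(r"^(\S+) Service is not running\.")
CONFIG = re.compile(r"^The (.+?) of (\S+) service is (.+?)\.?$")
FILE_LINE = re.compile(r"^([A-Za-z]:\\\S+?)(?: => (.+))?$")


def triage(log_text):
    """Return the lines of an FSS-style log that need a human look (hypothetical helper)."""
    report = {"stopped": [], "bad_config": [], "unverified_files": [], "attention": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := STOPPED.match(line):
            report["stopped"].append(m.group(1))
        elif m := CONFIG.match(line):
            if m.group(3) != "OK":
                report["bad_config"].append((m.group(2), m.group(1), m.group(3)))
        elif m := FILE_LINE.match(line):
            # The log gave this path no "MD5 is legit" verdict, so check it by hand.
            if m.group(2) != "MD5 is legit":
                report["unverified_files"].append(m.group(1))
        elif "ATTENTION!" in line:
            # One physical line can carry several warnings; split and de-duplicate.
            for part in line.split("ATTENTION!=====>"):
                if part.strip() and part.strip() not in report["attention"]:
                    report["attention"].append(part.strip())
    return report


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key, items)
```

On this log the output separates "service stopped but configuration intact" from the two items that are actually flagged: ipsec.sys and the missing IpSec Tag value.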

Download Complete Internet Repair to your desktop

Unzip all the files to their own folder on the desktop
Within the folder double click CIntRep
The programme will then run
Select the items I have highlighted
Press go
Let me know if it is able to conduct the repair, there is a log at the bottom

https://dl.dropbox.com/u/73555776/Int%20repair.JPG

Mostly…

Could you now run FSS again please