Windows RPC server question continued in a topic

I created this topic cause i was messageing essexboy for help for something that deals with the RPC server giving me problems on my other computer that is a Windows XP 32-bit PC

Edit: I’ll post the log in a few minutes

http://i1122.photobucket.com/albums/l535/coolmario88/rpcserver.png

Here is the log of the scan :slight_smile:

I have highlighted the problem areas - Do you have access to another xp system ?

Farbar Service Scanner
Ran by Ray (administrator) on 12-01-2012 at 15:19:21
Service Pack 3 (X86)
Boot Mode: Normal


Internet Services:

Nsi Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open Nsi registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open Nsi registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open Nsi registry key. The service key does not exist.

nsiproxy Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open nsiproxy registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open nsiproxy registry key. The service key does not exist.
Checking LEGACY_nsiproxy: Attention! Unable to open LEGACY_nsiproxy\0000 registry key. The key does not exist.

tdx Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open tdx registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open tdx registry key. The service key does not exist.
Checking LEGACY_tdx: Attention! Unable to open LEGACY_tdx\0000 registry key. The key does not exist.

Connection Status:

Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open mpsdrv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open mpsdrv registry key. The service key does not exist.
Checking LEGACY_mpsdrv: Attention! Unable to open LEGACY_mpsdrv\0000 registry key. The key does not exist.

Firewall Disabled Policy:

File Check:

Attention! C:\WINDOWS\system32\nsisvc.dll is missing.
Attention! C:\WINDOWS\system32\Drivers\nsiproxy.sys is missing.

Attention! C:\WINDOWS\system32\Drivers\nsiproxy.sys is missing.
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\tdx.sys is missing.
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
Attention! C:\WINDOWS\system32\mpssvc.dll is missing.
Attention! C:\WINDOWS\system32\bfe.dll is missing.
Attention! C:\WINDOWS\system32\Drivers\mpsdrv.sys is missing.

C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit

**** End of log ****

No, I don’t have access to another windows xp system. I have ubuntu on a cd as a backup OS though :slight_smile:

OK first we will determine if there are copies of the files on your system

Download OTL to your Desktop

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Select All Users
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
nsisvc.*
nsiproxy*
tdx.*
bfe.*
mpsdrv.*
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U*.* /s
CREATERESTOREPOINT

[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs

Here is both of the logs :slight_smile:

Oh Oh no spares… Could you wait till saturday when I install my xp vm ?

Once it is up and running I will get the necessary reg files and files for you

Yeah i can wait :slight_smile:

OK downloading a copy of VMWare ready ;D

VM installed and now doing a shedload of updates… I think I will slipstream SP3 into my disc for next time ;D

OK in a few moments I will upload a zip file for you to my site - It will be called Mario.zip, original I know ;D

I will post the link in a minute as soon as it is uploaded

Once you have completed this could you re-run Farbar please

In there you will find some registry entries and files

Run in the following order :

RestoreBFE.exe
BFE.reg
mpssvc.reg

Copy the following files to the location stated:

tdx.sys to C:\WINDOWS\system32\Drivers\tdx.sys
nsiproxy.sys to C:\WINDOWS\system32\Drivers\nsiproxy.sys
nsisvc.dll to C:\WINDOWS\system32\nsisvc.dll
bfe.dll to C:\WINDOWS\system32\bfe.dll
mpsdrv.sys to C:\WINDOWS\system32\Drivers\mpsdrv.sys

Then run the following commands

regsvr32 nsisvc.dll
regsvr32 bfe.dll

Ok will do… waiting for the link

Here is the link https://skydrive.live.com/?cid=32D8666F4048075B&id=32D8666F4048075B!117&sc=documents

Sorry for the delay, my other half snaffled the computer

Couldn’t run “RestoreBFE.exe” here is the error i got… (see pic)

Continue with the rest please

I continued with the rest and got errors when I ran the commands “regsvr32 nsisvc.dll
regsvr32 bfe.dll” I reran Farbar also… farbar log in attached and the screenshots of the errors i got.

Edit: What is with these errors like that i got when i ran those commands?

Could you attach the farbar please and I will check that out

Farbar Service Scanner
Ran by Ray (administrator) on 14-01-2012 at 12:05:14
Service Pack 3 (X86)
Boot Mode: Normal


Internet Services:

Nsi Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open Nsi registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open Nsi registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open Nsi registry key. The service key does not exist.

nsiproxy Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open nsiproxy registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open nsiproxy registry key. The service key does not exist.
Checking LEGACY_nsiproxy: Attention! Unable to open LEGACY_nsiproxy\0000 registry key. The key does not exist.

tdx Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open tdx registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open tdx registry key. The service key does not exist.
Checking LEGACY_tdx: Attention! Unable to open LEGACY_tdx\0000 registry key. The key does not exist.

Connection Status:

Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

mpsdrv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open mpsdrv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open mpsdrv registry key. The service key does not exist.
Checking LEGACY_mpsdrv: Attention! Unable to open LEGACY_mpsdrv\0000 registry key. The key does not exist.

Firewall Disabled Policy:

File Check:

C:\WINDOWS\system32\nsisvc.dll
[2012-01-14 11:59] - [2010-06-23 05:55] - 0019456 ____A (Microsoft Corporation) C1C48F6496FE20AB17C93ACC5FB51230

C:\WINDOWS\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\nsiproxy.sys
[2012-01-14 11:58] - [2009-07-14 07:12] - 0016896 ____A (Microsoft Corporation) E9A0A4D07E53D8FEA2BB8387A3293C58

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tdx.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
Attention! C:\WINDOWS\system32\mpssvc.dll is missing.
C:\WINDOWS\system32\bfe.dll
[2012-01-14 11:59] - [2010-06-23 05:47] - 0494592 ____A (Microsoft Corporation) F52F01B7010D916E90C97EEBF4B35082

C:\WINDOWS\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit

**** End of log ****

The farbar log is attached
http://forum.avast.com/index.php?action=dlattach;topic=91780.0;attach=74388

I forgot to add one file to the zip folder :-[

mpssvc.dll I have uploaded a copy to my site - same link as before the file is to be copied here C:\WINDOWS\system32\mpssvc.dll
I cannot find the other registry entries on my system, whether that is because it is a VM I do not know

What are the problems now ?

well I still get the RPC server is unavailable… but i guess its ok for now… If i run into any more problems with this windows xp computer… i might just install ubuntu to replace windows xp… also I’m marking this topic was resolved… :-\

but anyways

Thank you essexboy for the help! :slight_smile:

Edit: Unmarking topic as resolved since it is still getting some replys… :stuck_out_tongue: