TechSpot

Can't launch system applications. Several application errors. Please help me..

By RebKit
Sep 17, 2010
  1. My original post can be found at http://www.techspot.com/vb/topic153408.html#post934328. I was told to come here with my logs for further help. The laptop that has the problem is an HP mini-notebook, WinXP Pro SP3, no CD-ROM, no internet access. I have limited program capabilities and was not able to get an antivirus program to work on it, so I used Stinger.

    The logs I acquired didn't produce much information, at least not to me. Hopefully they'll help someone help me fix this darn computer. Thanks in advance for your help!

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4618

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/17/2010 5:32:46 AM
    mbam-log-2010-09-17 (05-32-46).txt

    Scan type: Quick scan
    Objects scanned: 128226
    Time elapsed: 8 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-17 08:25:07
    Windows 5.1.2600 Service Pack 3
    Running: 8fsr40nf.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxtdapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xBA5DC4D0]
    SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xBA5DC520]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Files - GMER 1.0.15 ----

    ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP58\A0029376.exe:BAK 22528 bytes executable
    ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0036550.exe:BAK 22528 bytes executable
    ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0036562.exe:BAK 22528 bytes executable
    ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0037562.exe:BAK 22528 bytes executable
    ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0038572.exe:BAK 22528 bytes executable
    ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0038580.exe:BAK 22528 bytes executable
    ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0038626.exe:BAK 22528 bytes executable
    ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0038724.exe:BAK 22528 bytes executable
    ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0038734.exe:BAK 22528 bytes executable
    ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0038772.exe:BAK 22528 bytes executable
    ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0038877.exe:BAK 22528 bytes executable
    ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0038902.exe:BAK 22528 bytes executable

    ---- EOF - GMER 1.0.15 ----


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Administrator at 8:50:08.14 on Fri 09/17/2010
    Internet Explorer: 8.0.6001.18702

    ============== Running Processes ===============

    ProcessList.txt
    (log empty)


    Please let me know if you need more from me. Thanks so much!
     
  2. RebKit

    RebKit TS Rookie Topic Starter

    I went ahead and ran Hijack This. It said something about BHO: WormRadar.com so I'm posting it here for further review.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:43:55 AM, on 9/17/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\rpcnetp.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Administrator\Desktop\Troubleshooting Software\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

    --
    End of file - 3238 bytes
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I will try to help. But you're going to have to stop doing things on your own once we start: no other cleaning programs or scans unless I instruct you to run them. No Registry cleaner or Registry changes.

    As for this:
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    As you can see, this browser helper object is part of AVG.

    I seriously doubt that the necessary Services are running. Without them, the system can't do what it is supposed to do. There is only 1 Service in the HJT log and it's AVG. Even 'minis' need more than that running.

    DDS shows 'no processes running', so you can't expect to do much!

    You mention this:
    That was because the command wasn't correct.

    To start System Restore using the Command prompt, follow these steps:
    1. Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Use the arrow keys to select the Safe mode with a Command prompt option.
    • If you are prompted to select an operating system, use the arrow keys to select the appropriate operating system for your computer, and then press ENTER.
    • Log on as an administrator or with an account that has administrator credentials.
    • At the command prompt, type:
      %systemroot%\system32\restore\rstrui.exe
      then press ENTER.
    • Follow the instructions that appear on the screen to restore your computer to a functional state.

    See if you can get in that way and let me know the results.

    You do not mention what you may have done before the problem started, so we have nothing to go on from there. If you can get into the system to do a system restore-if there is even a restore point available, there should be a partition with a repair or recovery on it if needed.

    If you can boot into Normal Mode, I'd like you to run this. You will need to download it on the flash drive, then install on the mini:

    Please download VEW and save it to your Desktop:

    Setting up the program
    Double-click VEW.exe to run.

    • Under Select log to query, select:
      • Application
      • System
    • Under Select type to list, select:
      • Critical (Vista only)
      • Error
    • Click the radio button for Number of events.
      • Type 20 in the 1 to 20 box.
    • Then click the Run button.
    • Notepad will open with the output log.

    Load the log
    • In Notepad, click Edit > Select all
    • Then press Edit > Copy
    • Press Ctrl+V on your keyboard to paste the log to your next reply.

    (Courtesy rev-Olie)

    This will give me an idea of what Services/Drivers can't run and if any of the Dependencies aren't set. It's best in Normal Mode because some won't start in Safe Mode and that information would be misleading.
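
The two observations made about the HijackThis log in the post above (the WormRadar BHO resolves to a file in the AVG folder, and only one O23 service entry is listed) can be pulled out of the log mechanically. This is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical and the sample lines are a subset copied from the log posted earlier in the thread.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^\s*([RFNO]\d+) - (.*)$")
# O2 body: "BHO: <name> - {CLSID} - <path to DLL>"
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")


def parse_entries(log_text):
    """Group entry bodies by section code (R0, O2, O23, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2).strip())
    return dict(sections)


def summarize(log_text):
    """Return BHO name/path pairs, the O23 service count, and missing-file entries."""
    sections = parse_entries(log_text)
    bhos = []
    for body in sections.get("O2", []):
        m = BHO.match(body)
        if m:
            bhos.append((m["name"], m["path"]))
    missing = [
        f"{code} - {body}"
        for code, bodies in sections.items()
        for body in bodies
        if body.endswith("(file missing)")
    ]
    return {
        "bhos": bhos,
        "service_count": len(sections.get("O23", [])),
        "missing_files": missing,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, "=", value)
```
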
     
  4. RebKit

    RebKit TS Rookie Topic Starter

    No worries! I will do exactly what you tell me, nothing more, nothing less. I'm grateful that you're here to help. Thx.

    I mention this in detail in my original post in the Operating Systems and Software Forum at http://www.techspot.com/vb/topic153408.html#post934328. Please let me know if I should copy the details here.

    I am assuming that DDS didn't see the processes that were running. Task Manager listed 24 processes running, but DDS didn't report any of them.


    In command prompt I typed %systemroot%\system32\restore\rstrui.exe then pressed ENTER. This popped up: System Restore is not able to protect your computer. Please restart your computer, and then run System Restore again.

    I restarted normally, opened command prompt I typed %systemroot%\system32\restore\rstrui.exe then pressed ENTER. System Restore did not open, but a Generic Host Process for Win32 Services error report popped up > Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience. To see what data this error report contains, click here. > Error signature... (just as I was typing this System Restore opened.) I closed the error report by clicking Don't Send.

    On the Welcome to System Restore screen I clicked the option to Restore my computer to an earlier time> before I could even click the Next button a Webpage Error box popped up asking "Do you want to debug this webpage? This webpage contains errors that might prevent it from displaying or working correctly. If you are not testing this webpage, click No." There is a check in the option to Use the built-in script debugger in Internet Explorer. There is a Yes or No button and below these is a white box that states... Line: 52 Error: Unspecified error.

    The Generic Host Process for Win32 Services error just popped up again asking if I want to Debug, Send Error Report, or Don't Send.

    svchost.exe - Application Error popped up, too

    System Restore is still open but I can't access it. I think I must first choose Yes or No on the Webpage Error.

    I guess I'll wait to get further instruction from you.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    No, you told me what started happening. You did not make any reference to downloading, installing, uninstalling or anything else that you had done before the problem began. On occasion, for instance, if someone were to say-"all I did was update the driver for ****" then I would suggest removing the driver to see if that made a difference.

    DDS doesn't just overlook processes that are running. If it shows no processes running, then there is a system problem of some kind preventing their display.

    When you mentioned the command for System Restore in Post #3 of the original thread, you said:
    All you said was that you typed rstrui.exe, then got a message it was a bad command. You did not indicate that you had input the entire path of %systemroot%\system32\restore\rstrui.exe

    Please understand: I read the other thread first. It will not be useful if you debate every point. I am not surprised that System Restore didn't work. I don't think the Services are set correctly.

    I asked you to try and run a program that will display information including status of whether Services and/or their dependencies are running. All you gave me was:
    I can't do anything with this.

    If you would like to work with me, I will try to help you.
     
  6. RebKit

    RebKit TS Rookie Topic Starter

    I tried to run VEW but it gave me this error: "Run-time error '-2147023170 (800706be)': Automation error The remote procedure call failed."
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I have reviewed your original thread here, the thread on the other site and the continuing problems on this thread in trying to get information about the failed processes. Here is a synopsis of what you have done so far, but has failed to return the mini to a workable system:
    DDS does not return a correct log
    VEW gives error and won't run
    Failed identification of the Generic Host Processes for Win32/svchost
    System will not restore.

    I recommend that you do a Recovery.
    The difference between performing a recovery and restoring the computer is the procedure's impact on files saved on your computer.
    From HP:
    In case of system failure or instability, you can recover the operating system and programs installed at the factory.
    See this section on the HP site I have referenced: It will take you through creating the USB boot and the Recovery:
    Creating a bootable USB flash drive using a Windows computer
    http://h10025.www1.hp.com/ewfrf/wc/document?docname=c01634414&lc=en&dlc=en&cc=us&product=3860346

    Follow the directions and the screen shots for the bootable USB drive and the Recovery.

    I do not think there is any other solution.
     
  8. RebKit

    RebKit TS Rookie Topic Starter

    I read the link you provided to perform a recovery. Unfortunately, I wasn't able to find the file that I need (HP MIE Restore Image Creator (for Windows)) as instructed under the subtitle "Creating a bootable USB flash drive using a Windows computer". I searched the support drivers and downloads for HP 2133 Windows XP Pro but didn't see any restore files to download.

    Thanks for your help even though we weren't able to fix the computer. I think it's time to give it back to my sister and let her take it to get fixed because I GIVE UP!!! :) Thanks again.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You might have her check that same section on the HP but use another method. All I could use was HP Mini w/Win XP. If she can feed a model # in, then look for "Restore", there may be a different option. With all the problems that you ran into, it may be that 'hands on' will work better.

    Good luck.
     
Topic Status:
Not open for further replies.
