[Active] XP Security 2012 leading to netbt.sys issues

Discussion in 'Virus and Malware Removal' started by 952SF, Dec 8, 2011.

  1. 952SF Newcomer, in training

    OK...different results now (haven't done SFC yet, just redoing the command prompt sequence):

    net stop wuauserv
    The Automatic Update service is stopping.
    The Automatic Update service was stopped successfully.

    cd /d C:\windows\SoftwareDistribution
    --changed command prompt, as expected--

    rd /s DataStore;net
    DataStore, Are you sure (Y/N)? (I said yes)
    net, Are you sure (Y/N)? (y, again)
    The system cannot find the file specified.

    net start wuauserv
    The Automatic update service is starting..
    The Automatic update service has started successfully.

    -----

    Checked service, still not listed. Rebooted, still not listed.

    -----

    I'll run SFC now...
  2. 952SF Newcomer, in training

    Completed SFC scan, restarted...still not there. There were probably about 10-12 times that it asked for a different CD (either SP3 or CD2)...but I expected that to be the case.
  3. Bobbye Helper on the Fringe

    Okay, let me check with another helper about this.

    Did you try an update? Did you get the same 'missing' message?
  4. 952SF Newcomer, in training

    I updated Microsoft Security Essentials, and it didn't give me any errors.

    (also double checked services.msc, missing service still not there.)
  5. Bobbye Helper on the Fringe

    Check for Service named Windows Updates Set to Automatic, Start the Service.

    Then run this again:

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2


    For 64bit: http://jpshortstuff.247fixes.com/SystemLook_x64.exe
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      
      :reg
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
      
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  6. 952SF Newcomer, in training

    should the Windows Updates service be listed under Run>services.msc?

    If so, it is not there...or anything that looks like it could be the same with a slightly different name.

    Should I run the SystemLook anyhow?
  7. Bobbye Helper on the Fringe

    Okay, let's check some things:

    Please run the MGA Diagnostics tool
    • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
    • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
    • You must choose to Run this tool when prompted.
    • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
    • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
    • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
    • Please return to this thread and Paste the results here for review.
    ------------------------------------------
    This tool will is to look on the computer itself, in the documentation you received with the computer or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

    1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
    2. Does it read "OEM Software" or "OEM Product" in black lettering?
    3. Or, does it have the computer manufacturer's name in black lettering?
    4. DO NOT post the Product Key.

    NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
  8. 952SF Newcomer, in training

    From MGA: (never asked to resolve an issue).
    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-*****-*****-*****
    Windows Product Key Hash: ***************************=
    Windows Product ID: 76487-OEM-2211906-00825
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010100.3.0.med
    ID: {0790E478-9F44-4E96-8286-C39B5BDB0372}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.7.69.2
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: 0
    File Exists: Yes
    Version: 1.7.17.0
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office XP Professional - 100 Genuine
    Microsoft Office Basic Edition 2003 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 4000:Dell Inc|4000:Microsoft Corporation
    Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

    OEM Activation 2.0 Data-->
    N/A

    [----------------------------]


    Answers to your questions:
    1) Windows XP Media Center
    2) There is a COA Sticker on the computer, it does not say either OEM Product or Software.
    3) The sticker has both MS and Dell on it.

    Finally: I did more digging and found original documentation/restoration discs. I did run SFC with the original Operating System reinstallation DVD. It asked for CD2 fewer times, it still did ask for it (I again clicked cancel in that dialogue box). After that completed, I checked then rebooted and checked services.msc and still come up blank.

    Thanks.
  9. Bobbye Helper on the Fringe

    But you can update now- right?
  10. 952SF Newcomer, in training

    I have been able to update both Windows and MSE
  11. Bobbye Helper on the Fringe

    Well, you know what they say: "If it ain't broke, don't fix it!" Obviously the updater is working and you are not getting the 'missing' reg entry.

    Let's do one more thing to make sure this file is right:

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2


    For 64bit: http://jpshortstuff.247fixes.com/SystemLook_x64.exe
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      
      :filefind
      netbt.sys
      
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    =============================
    Are there any unresolved problems remaining?
  12. 952SF Newcomer, in training

    I tend to agree "if it ain't broke...", and I wouldn't have known about the wuauserv thing - who knows, it may have never been there.

    SystemLook Log:
    SystemLook 30.07.11 by jpshortstuff
    Log created at 22:30 on 29/12/2011 by Advanced Tree Health
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "netbt.sys"
    C:\i386\netbt.sys --a---- 162816 bytes [03:02 28/07/2006] [10:00 10/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
    C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 162816 bytes [02:11 14/09/2008] [10:00 10/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
    C:\WINDOWS\ServicePackFiles\i386\netbt.sys ------- 162816 bytes [01:54 14/09/2008] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
    C:\WINDOWS\system32\dllcache\netbt.sys --a---- 162816 bytes [01:54 14/09/2008] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
    C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [01:54 14/09/2008] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D

    -= EOF =-
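
Added example (not part of the original posts and not SystemLook's own code): a Python sketch that parses the filefind lines from the log above and checks that the active `system32\drivers` copy of netbt.sys has the same MD5 and size as the `dllcache` copy. The function names and the line layout in the regular expression are assumptions drawn from the five log lines shown.

```python
import re
from collections import defaultdict

# The five filefind result lines from the SystemLook log in the thread.
LOG = r"""
C:\i386\netbt.sys --a---- 162816 bytes [03:02 28/07/2006] [10:00 10/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 162816 bytes [02:11 14/09/2008] [10:00 10/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\ServicePackFiles\i386\netbt.sys ------- 162816 bytes [01:54 14/09/2008] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\dllcache\netbt.sys --a---- 162816 bytes [01:54 14/09/2008] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [01:54 14/09/2008] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
"""

# Assumed layout: path, 7 attribute flags, size, two bracketed timestamps, MD5.
ENTRY = re.compile(
    r"^\s*(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<stamp1>[^\]]+)\]\s+\[(?P<stamp2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

def parse_filefind(log):
    """Return one dict per result line; headers and other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries

def check_active_copy(entries, active=r"system32\drivers", cache=r"system32\dllcache"):
    """Compare the active driver with the dllcache copy; also group paths by MD5."""
    by_md5 = defaultdict(list)
    for e in entries:
        by_md5[e["md5"]].append(e["path"])
    def find(fragment):
        return next((e for e in entries if fragment.lower() in e["path"].lower()), None)
    a, c = find(active), find(cache)
    if a is None or c is None:
        status = "incomplete"      # a missing copy is worth investigating by itself
    elif (a["md5"], a["size"]) == (c["md5"], c["size"]):
        status = "consistent"
    else:
        status = "mismatch"        # active driver differs from the cached copy
    return status, dict(by_md5)

if __name__ == "__main__":
    status, groups = check_active_copy(parse_filefind(LOG))
    print(status, {md5: len(paths) for md5, paths in groups.items()})
```

Agreement between local copies only shows they are consistent with each other; confirming the file is genuine needs a comparison against a known-good hash from a trusted source.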
  13. Bobbye Helper on the Fringe

    Let's go ahead and run this:

    Please download Farbar Service Scanner
    • Check Include all files option
    • Press the Scan button
    • Log named FSS.txt will be created in the same directory as the tool
    • Please paste the log into your next reply
    -------------------------
    New Holiday Notice! I will not be working on the threads Sat. Dec. 31 or Sunday Jan. 1. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that. Please do not send a PM during those days.
  14. 952SF Newcomer, in training

    Hope you have/had a good New Years.

    Thanks.

    FSS.txt

    Farbar Service Scanner
    Ran by (administrator) on 30-12-2011 at 21:19:19
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(5) NwlnkIpx(9) NwlnkNb(10) PSched(7) Tcpip(3)
    0x0C000000040000000100000002000000030000000B0000000C00000005000000080000000600000007000000090000000A000000

    **** End of log ****
  15. Bobbye Helper on the Fringe

    Well there it is, big as life: C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

    I will ask Broni to have a look at it Monday- see if there is anything we need to do.