Resolved Can't launch system applications. Several application errors. Please help me..

Status
Not open for further replies.

RebKit

My original post can be found at https://www.techspot.com/vb/topic153408.html#post934328. I was told to come here with my logs for further help. The laptop that has the problem is a HP mini-notebook WinXp Pro Sp3, no cd rom, no internet access. I have limited program capabilities and was not able to get an antivirus program to work on it so I used Stinger.

The logs I acquired didn't produce much information, at least not to me. Hopefully they'll help someone help me fix this darn computer. Thanks in advance for your help!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4618

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/17/2010 5:32:46 AM
mbam-log-2010-09-17 (05-32-46).txt

Scan type: Quick scan
Objects scanned: 128226
Time elapsed: 8 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-17 08:25:07
Windows 5.1.2600 Service Pack 3
Running: 8fsr40nf.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xBA5DC4D0]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xBA5DC520]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP58\A0029376.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0036550.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0036562.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0037562.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0038572.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0038580.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0038626.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0038724.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0038734.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0038772.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0038877.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{3FD2A93B-1907-40CA-B118-F1030994E5A2}\RP60\A0038902.exe:BAK 22528 bytes executable

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 8:50:08.14 on Fri 09/17/2010
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============

ProcessList.txt
(log empty)


Please let me know if you need more from me. Thanks so much!
 
I went ahead and ran Hijack This. It said something about BHO: WormRadar.com so I'm posting it here for further review.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:43:55 AM, on 9/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rpcnetp.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\Troubleshooting Software\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

--
End of file - 3238 bytes
 
I will try to help. But you're going to have to stop doing things on your own once we start> no other cleaning programs or scans unless I instruct you to run them. No Registry cleaner or Registry changes.

As for this: O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
As you can see, this browser helper object is part of AVG.

I seriously doubt that the necessary Services are running. Without them, the system can't do what it is supposed to do. There is only 1 Service in the HJT log and it's AVG. Even 'minis' need more than that running.

DDS shows 'no processes running'> so, you can't expect to do much!

You mention this:
I opened command prompt to type rstrui.exe, but when I'd hit enter I'd get a message saying "The command is not recognized..."
That was because the command wasn't correct.

To start System Restore using the Command prompt, follow these steps:
1. Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Use the arrow keys to select the Safe mode with a Command prompt option.
  • If you are prompted to select an operating system, use the arrow keys to select the appropriate operating system for your computer, and then press ENTER.
  • Log on as an administrator or with an account that has administrator credentials.
  • At the command prompt, type:
    %systemroot%\system32\restore\rstrui.exe
    then press ENTER.
  • Follow the instructions that appear on the screen to restore your computer to a functional state.

See if you can get in that way and let me know the results.

You do not mention what you may have done before the problem started, so we have nothing to go on from there. If you can get into the system to do a system restore-if there is even a restore point available, there should be a partition with a repair or recovery on it if needed.

If you can boot into Normal Mode, I'd like you to run this> you will need to download it on the flash drive, then install on the mini:

Please download VEW and save it to your Desktop:

Setting up the program
Double-click VEW.exe to run.

  • Select log to query, select
  • Application
  • System
    Under Select type to list, select:
  • Critical (Vista only)
  • Error
    Click the radio button for Number of events
  • Type 20 in the 1 to 20 box
  • Then click the Run button.
  • Notepad will open with the output log.

Load the log
  • In Notepad, click Edit> Select all
  • Then press Edit > Copy
  • Press Ctrl+V on your keyboard to paste the log to your next reply.

(Courtesy rev-Olie)

This will give me an idea of what Services/Drivers can't run and if any of the Dependencies aren't set. It's best in Normal Mode because some won't start in Safe Mode and that information would be misleading..
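
The reading of the HijackThis log in the reply above (the "WormRadar.com" BHO resolves to a DLL inside AVG's folder, and one entry is marked "file missing") can be done mechanically. This is an added example, not part of the original thread; the function names are hypothetical, and the sample lines are copied from the log posted earlier on this page.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted in this thread (copied from the page).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

# "R0".."R3" and "O1".."O24" style section codes, then " - ", then the entry body.
ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)

def parse_hjt(text):
    """Split a HijackThis log into entries; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        entry = {"code": code, "body": body,
                 "missing": body.endswith("(file missing)")}
        bho = BHO_RE.match(body) if code == "O2" else None
        if bho:
            entry.update(bho.groupdict())
        entries.append(entry)
    return entries

def install_dir(path):
    """Top-level folder under Program Files (skipping 'Common Files').
    Heuristic only: the BHO display name is free text, so the DLL's
    location is a better hint of which product registered it."""
    parts = path.replace("/", "\\").split("\\")
    lowered = [p.lower() for p in parts]
    for marker in ("program files", "progra~1"):
        if marker in lowered:
            i = lowered.index(marker) + 1
            if i < len(parts) and lowered[i] == "common files":
                i += 1
            return parts[i] if i < len(parts) - 1 else None
    return None

def triage(text):
    """Summarise: entries per section, BHO name -> folder, dangling entries."""
    entries = parse_hjt(text)
    return {
        "counts": Counter(e["code"] for e in entries),
        "bho_dirs": {e["name"]: install_dir(e["path"]) for e in entries if "name" in e},
        "missing": [e["body"] for e in entries if e["missing"]],
    }
```
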
 
No worries! I will do exactly what you tell me, nothing more, nothing less. I'm grateful that you're here to help. Thx.

You do not mention what you may have done before the problem started, so we have nothing to go on from there.
I mention this in detail in my original post in the Operating Systems and Software Forum at https://www.techspot.com/vb/topic153408.html#post934328 Please let me know if I should copy the details here.

DDS shows 'no processes running'> so, you can't expect to do much!
I am assuming that DDS didn't see the processes that were running. Task Manager listed 24 processes running, but DDS didn't report any of them.


To start System Restore using the Command prompt, follow these steps:
In command prompt I typed %systemroot%\system32\restore\rstrui.exe then pressed ENTER. This popped up: System Restore is not able to protect your computer. Please restart your computer, and then run System Restore again.

I restarted normally, opened command prompt I typed %systemroot%\system32\restore\rstrui.exe then pressed ENTER. System Restore did not open, but a Generic Host Process for Win32 Services error report popped up > Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience. To see what data this error report contains, click here. > Error signature... (just as I was typing this System Restore opened.) I closed the error report by clicking Don't Send.

On the Welcome to System Restore screen I clicked the option to Restore my computer to an earlier time> before I could even click the Next button a Webpage Error box popped up asking "Do you want to debug this webpage? This webpage contains errors that might prevent it from displaying or working correctly. If you are not testing this webpage, click No." There is a check in the option to Use the built-in script debugger in Internet Explorer. There is a Yes or No button and below these is a white box that states... Line: 52 Error: Unspecified error.

The Generic Host Process for Win32 Services error just popped up again asking if I want to Debug, Send Error Report, or Don't Send.

svchost.exe - Application Error popped up, too

System Restore is still open but I can't access it. I think I must first choose Yes or No on the Webpage Error.

I guess I'll wait to get further instruction from you.
 
Recently my computer has started displaying the "svchost.exe Application Error" message. There is also another window that appears frequently that says "Generic Host Process for Win32 Services" and then "Generic Host Process for Win32 Service has encountered a problem and needs to close."
No, you told me what started happening. You did not make any reference to downloading, installing, uninstalling or anything else that you had done before the problem began. On occasion, for instance, if someone were to say-"all I did was update the driver for ****" then I would suggest removing the driver to see if that made a difference.

DDS doesn't just overlook processes that are running. If it shows no processes running, then there is a system problem of some kind preventing their display.

When you mentioned the command for System Restore in Post #3 of the original thread, you said:
I opened command prompt to type rstrui.exe, but when I'd hit enter I'd get a message saying "The command is not recognized..."
All you said was that you typed rstrui.exe, then got a message it was a bad command. You did not indicate that you had input the entire path of %systemroot%\system32\restore\rstrui.exe

Please understand> I read the other thread first. It will not be useful if you debate every point. I am not surprised that System Restore didn't work. I don't think the Services are set correctly.

I asked you to try and run a program that will display information including status of whether Services and/or their dependencies are running. All you gave me was:
The Generic Host Process for Win32 Services error just popped up again asking if I want to Debug, Send Error Report, or Don't Send
svchost.exe - Application Error popped up, too
I can't do anything with this.

If you would like to work with me, I will try to help you.
 
I tried to run VEW but it gave me this error: "Run-time error '-2147023170 (800706be)': Automation error The remote procedure call failed."
 
I have reviewed your original thread here, the thread on the other site and the continuing problems on this thread in trying to get information about the failed processes. Here is a synopsis of what you have done so far, but has failed to return the mini to a workable system:
1. When I first started working on it I couldn't access anything except Task Manager. Windows would freeze after logon and the svchost.exe application error would pop up
2. I still get the svchost.exe application errors, along with a win generic host error and some other errors.
3. After these errors the desktop would black-out and lose its formatting like Win98
4. I tried changing the registry to close ports 445 and port 135 to make the errors stop (according to some people it worked for them) BUT this has NOT worked for me.
5. C:\Program Files\AVG\AVG9\avgui.exe The application has failed to start because the application configuration is incorrect.
6. pull up Task Manager where I opened command prompt to type rstrui.exe, but when I'd hit enter I'd get a message saying "The command is not recognized..."
7. I entered chkdsk f/ r/ in CMD and restarted Windows. After about 4 to 5 hours of scanning Windows restarted to the normal Desktop background with working start menu, desktop functionality.
8. I still get the svchost.exe application errors, along with a win generic host error and some other errors.
9. I cannot open: Device Manager, Services, Events Viewer, My Computer's Properties, System Information, Disk Manager, ...
10. Made Registry change on: TransportBindName and DCOM

DDS does not return a correct log
VEW gives error and won't run
Failed identification of the Generic Host Processes for Win32/svchost
System will not restore.

I recommend that you do a Recovery.
The difference between performing a recovery and restoring the computer is the procedure's impact on files saved on your computer.
From HP:
  • A Recovery erases the hard disk drive and re-installs the original operating system, software applications, and drivers that were factory installed at the time of purchase. It will not recover any operating system updates, new or updated applications that you may have installed, nor will it recover your personal data files, such as e-mails, personal correspondence, music, or photos you have saved on the computer.
  • A Restore copies files from a backup disc and resets the computer image to the conditions that existed at an earlier point in time called a restore point.

In case of system failure or instability, you can recover the operating system and programs installed at the factory.
See this section on the HP site I have referenced: It will take you through creating the USB boot and the Recovery:
Creating a bootable USB flash drive using a Windows computer
http://h10025.www1.hp.com/ewfrf/wc/document?docname=c01634414&lc=en&dlc=en&cc=us&product=3860346

Follow the directions and the screen shots for the bootable USB drive and the Recovery.

I do not think there is any other solution.
 
I read the link you provided to perform a recovery. Unfortunately, I wasn't able to find the file that I need (HP MIE Restore Image Creator (for Windows)) as instructed under the subtitle "Creating a bootable USB flash drive using a Windows computer". I searched the support drivers and downloads for HP 2133 Windows XP Pro but didn't see any restore files to download.

Thanks for your help even though we weren't able to fix the computer. I think it's time to give it back to my sister and let her take it to get fixed because I GIVE UP!!! :) Thanks again.
 
You might have her check that same section on the HP but use another method. All I could use was HP Mini w/Win XP. If she can feed a model # in, then look for "Restore", there may be a different option. With all the problems that you ran into, it may be that 'hands on' will work better.

Good luck.
 