Author Topic: Windows RPC server question continued in a topic (Read 11054 times)

Coolmario88 · « **on:** January 12, 2012, 09:11:37 PM »

I created this topic cause i was messageing essexboy for help for something that deals with the RPC server giving me problems on my other computer that is a Windows XP 32-bit PC

Edit: I'll post the log in a few minutes

Quote

Coolmario88 · « **Reply #1 on:** January 12, 2012, 09:22:02 PM »

Here is the log of the scan

essexboy · « **Reply #2 on:** January 12, 2012, 09:34:17 PM »

I have highlighted the problem areas - Do you have access to another xp system ?

Farbar Service Scanner
Ran by Ray (administrator) on 12-01-2012 at 15:19:21
Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Nsi Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open Nsi registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open Nsi registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open Nsi registry key. The service key does not exist.

nsiproxy Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open nsiproxy registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open nsiproxy registry key. The service key does not exist.
Checking LEGACY_nsiproxy: Attention! Unable to open LEGACY_nsiproxy\0000 registry key. The key does not exist.

tdx Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open tdx registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open tdx registry key. The service key does not exist.
Checking LEGACY_tdx: Attention! Unable to open LEGACY_tdx\0000 registry key. The key does not exist.

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open mpsdrv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open mpsdrv registry key. The service key does not exist.
Checking LEGACY_mpsdrv: Attention! Unable to open LEGACY_mpsdrv\0000 registry key. The key does not exist.

Firewall Disabled Policy:
==================

File Check:
========
Attention! C:\WINDOWS\system32\nsisvc.dll is missing.
Attention! C:\WINDOWS\system32\Drivers\nsiproxy.sys is missing.
Attention! C:\WINDOWS\system32\Drivers\nsiproxy.sys is missing.
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\tdx.sys is missing.
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
Attention! C:\WINDOWS\system32\mpssvc.dll is missing.
Attention! C:\WINDOWS\system32\bfe.dll is missing.
Attention! C:\WINDOWS\system32\Drivers\mpsdrv.sys is missing.
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit

**** End of log ****

Coolmario88 · « **Reply #3 on:** January 12, 2012, 09:35:56 PM »

No, I don't have access to another windows xp system. I have ubuntu on a cd as a backup OS though

essexboy · « **Reply #4 on:** January 12, 2012, 09:40:44 PM »

OK first we will determine if there are copies of the files on your system

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
nsisvc.*
nsiproxy*
tdx.*
bfe.*
mpsdrv.*
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
CREATERESTOREPOINT

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs

Coolmario88 · « **Reply #5 on:** January 12, 2012, 10:10:13 PM »

Here is both of the logs

essexboy · « **Reply #6 on:** January 12, 2012, 10:15:32 PM »

Oh Oh no spares... Could you wait till saturday when I install my xp vm ?

Once it is up and running I will get the necessary reg files and files for you

Coolmario88 · « **Reply #7 on:** January 12, 2012, 10:18:43 PM »

Quote from: essexboy on January 12, 2012, 10:15:32 PM

Oh Oh no spares... Could you wait till saturday when I install my xp vm ?

Once it is up and running I will get the necessary reg files and files for you

Yeah i can wait

essexboy · « **Reply #8 on:** January 12, 2012, 10:21:01 PM »

OK downloading a copy of VMWare ready

essexboy · « **Reply #9 on:** January 13, 2012, 11:15:01 PM »

VM installed and now doing a shedload of updates... I think I will slipstream SP3 into my disc for next time

essexboy · « **Reply #10 on:** January 14, 2012, 03:43:57 PM »

OK in a few moments I will upload a zip file for you to my site - It will be called Mario.zip, original I know

I will post the link in a minute as soon as it is uploaded

Once you have completed this could you re-run Farbar please

In there you will find some registry entries and files

Run in the following order :

RestoreBFE.exe
BFE.reg
mpssvc.reg

Copy the following files to the location stated:

tdx.sys to C:\WINDOWS\system32\Drivers\tdx.sys
nsiproxy.sys to C:\WINDOWS\system32\Drivers\nsiproxy.sys
nsisvc.dll to C:\WINDOWS\system32\nsisvc.dll
bfe.dll to C:\WINDOWS\system32\bfe.dll
mpsdrv.sys to C:\WINDOWS\system32\Drivers\mpsdrv.sys

Then run the following commands

regsvr32 nsisvc.dll
regsvr32 bfe.dll

Coolmario88 · « **Reply #11 on:** January 14, 2012, 04:03:49 PM »

Ok will do.. waiting for the link

essexboy · « **Reply #12 on:** January 14, 2012, 04:56:53 PM »

Here is the link https://skydrive.live.com/?cid=32D8666F4048075B&id=32D8666F4048075B%21117&sc=documents

Sorry for the delay, my other half snaffled the computer

Coolmario88 · « **Reply #13 on:** January 14, 2012, 05:15:46 PM »

Couldn't run "RestoreBFE.exe" here is the error i got.. (see pic)

essexboy · « **Reply #14 on:** January 14, 2012, 05:55:59 PM »

Continue with the rest please

Author Topic: Windows RPC server question continued in a topic (Read 11054 times)

Coolmario88

Windows RPC server question continued in a topic

Coolmario88

Re: Windows RPC server question continued in a topic

essexboy

Re: Windows RPC server question continued in a topic

Coolmario88

Re: Windows RPC server question continued in a topic

essexboy

Re: Windows RPC server question continued in a topic

Coolmario88

Re: Windows RPC server question continued in a topic

essexboy

Re: Windows RPC server question continued in a topic

Coolmario88

Re: Windows RPC server question continued in a topic

essexboy

Re: Windows RPC server question continued in a topic

essexboy

Re: Windows RPC server question continued in a topic

essexboy

Re: Windows RPC server question continued in a topic

Coolmario88

Re: Windows RPC server question continued in a topic

essexboy

Re: Windows RPC server question continued in a topic

Coolmario88

Re: Windows RPC server question continued in a topic

essexboy

Re: Windows RPC server question continued in a topic