Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account


Photo

NLA service can't start

- - - - -

  • Please log in to reply
7 replies to this topic

#1
cjohn

cjohn
  • Member
  • 9 posts
  • OS:XP Pro x86
  • Country: Country Flag
Hi all,

Yesterday, I installed the latest Windows Update, which includes some Windows Malicious Software Remover (maybe not exactly this name, but almost it). After installed, it starts up and reports that some virus or malware are found, asking me whether to remove it. Of course I clicked yes. So far so good, and then I turned off my notebook and went to bed.

But today, when I started up my XP system (SP3), in the bottom-right tray, it always saying that it is "acquiring network address". It is forever in this state, though I can connect to the internet and "ipconfig" in the console shows that my notebook already got assigned a DHCP address.

Later, I googled this symptom, and found that it is because NLA (Network Location Awareness) service didn't get started. OK, I tried to start the service, but come across the following error:
Error 127: The specified procedure could not be found.

I tried "sfc /scannow" while inserting my Dell Windows XP Reinstallation CD. After the process is finished, the problem remains the same.

Looks like something is wrong with the svchost process, but I don't know what the problem is. I have a vague impression that the Windows Malicious Software Remover removed some virus/malware in svchost. Is it the cause? But the removing process is irreversible, so I don't have a way to test it.

I tried Windows Update, and it says my system is up to date.

At my wit's end now. Hopefully, I can get some suggestions here.


How to remove advertisement from MSFN

#2
-X-

-X-

    Member

  • Patrons
  • 2,406 posts
  • OS:XP Pro x86
  • Country: Country Flag

Donator

Can you attach the mrt.log? It's located in C:\Windows\Debug\

Download all Windows XP Post SP3 High-Priority Updates with a simple double click @ xdot.tk post-12166-0-42859000-1399044129.png ]
               If someone helps you fix a problem, please report back so they and others can benefit from the solution. Thanks!


#3
cjohn

cjohn
  • Member
  • 9 posts
  • OS:XP Pro x86
  • Country: Country Flag

Can you attach the mrt.log? It's located in C:\Windows\Debug\


Here it is:


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.12, October 2010
Started On Wed Oct 27 13:11:05 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.
Engine internal result code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 27 13:11:44 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.12, October 2010
Started On Wed Oct 27 13:17:44 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.
Engine internal result code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 27 13:18:20 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.13, November 2010
Started On Wed Nov 10 12:35:43 2010
->Scan ERROR: resource process://pid:2180 (code 0x00000005 (5))

Engine internal result code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 10 12:37:19 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.14, December 2010
Started On Thu Dec 16 09:55:32 2010

Engine internal result code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 16 09:57:09 2010


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.15, January 2011
Started On Wed Jan 12 09:30:21 2011

Engine internal result code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 12 09:36:04 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.16, February 2011
Started On Wed Feb 09 11:46:49 2011

Engine internal result code = 80508015

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 09 11:51:27 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.17, March 2011
Started On Thu Mar 10 12:12:35 2011
->Scan ERROR: resource process://pid:1832 (code 0x00000490 (1168))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 10 12:15:21 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.17, March 2011
Started On Fri Apr 01 13:17:04 2011

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 01 13:22:04 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.18, April 2011
Started On Thu Apr 14 18:03:07 2011

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 14 18:05:43 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.18, April 2011
Started On Wed Apr 27 11:45:34 2011

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 27 11:53:04 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.19, May 2011
Started On Wed May 11 09:09:10 2011

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 11 09:11:40 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.20, June 2011
Started On Wed Jun 15 09:34:49 2011

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 15 09:37:07 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.21, July 2011
Started On Wed Jul 13 10:29:54 2011

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 13 10:32:55 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v3.22, August 2011
Started On Wed Aug 10 09:28:15 2011

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 10 09:31:14 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.0, September 2011
Started On Wed Sep 14 07:27:49 2011

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 14 07:30:28 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.0, September 2011
Started On Wed Sep 28 21:57:00 2011
->Scan ERROR: resource process://pid:1816 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2372 (code 0x00000490 (1168))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 28 21:59:42 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.1, October 2011
Started On Wed Oct 12 10:24:45 2011

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 12 10:27:09 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.2, November 2011
Started On Wed Nov 09 21:56:31 2011

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 09 21:58:46 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.3, December 2011
Started On Wed Dec 14 19:42:49 2011
->Scan ERROR: resource rootkit:// (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 14 19:45:17 2011


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.4, January 2012
Started On Wed Jan 11 21:46:55 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 11 21:49:08 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.5, February 2012
Started On Wed Feb 15 20:54:30 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 15 20:57:27 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.6, March 2012
Started On Tue Mar 13 18:29:50 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 13 18:32:42 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.7, April 2012
Started On Wed Apr 11 11:22:20 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 11 11:32:57 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.8, May 2012
Started On Thu May 10 23:54:34 2012
->Scan ERROR: resource rootkit:// (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 10 23:57:16 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.9, June 2012
Started On Wed Jun 13 00:47:30 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 13 00:50:02 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.10, July 2012
Started On Tue Jul 10 19:49:08 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jul 10 19:51:51 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.11, August 2012
Started On Thu Aug 16 20:58:56 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 16 21:01:55 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.12, September 2012
Started On Wed Sep 12 02:06:13 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 12 02:08:52 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.13, October 2012
Started On Wed Oct 10 16:13:39 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 10 16:16:32 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.14, November 2012
Started On Sat Nov 17 17:32:51 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Nov 17 17:35:56 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.15, December 2012
Started On Thu Dec 13 01:14:21 2012

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 13 01:17:08 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.16, January 2013
Started On Wed Jan 09 22:18:07 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 09 22:21:04 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.17, February 2013
Started On Tue Feb 12 20:16:26 2013

Quick Scan Results for 56F05F79-C63B-4FBC-8C81-A34537370F19:
----------------
->Scan ERROR: resource rootkit:// (code 0x0000054F (1359))
Threat detected: TrojanDropper:Win32/Sirefef.B
file://C:\Documents and Settings\Administrator\Local Settings\Application Data\7df34ac6\X
SigSeq: 0x0000B378189736F0
SHA1: 72745000207FF4261713407035983239611AE6C2
winlogonshell://HKCU@S-1-5-21-1482476501-1532298954-839522115-500\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\SHELL:C:\Documents and Settings\Administrator\Local Settings\Application Data\7df34ac6\X
Threat detected: Trojan:Win32/Sirefef.H
driver://Serial
file://C:\WINDOWS\system32\DRIVERS\serial.sys
SigSeq: 0x00009C7852D46378
SHA1: 073D45D442D82FDB8B08C063DAE0A5ECF39CE997
Threat detected: Trojan:Win32/Sirefef.O
file://C:\WINDOWS\3326800765:2181870905.exe
SigSeq: 0x00001020ABA6821F
SHA1: F5F7AF21AD46782C562291A280482216DAFA6204
regkey://HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\7df34ac6
Threat detected: Trojan:Win32/Sirefef.BB
file://C:\WINDOWS\assembly\GAC_MSIL\desktop.ini
SigSeq: 0x00000555145B4DD0
SHA1: 4721B18F4F974FC9D889CC160EA08ED0F93CFB04

Quick Scan Removal Results
----------------
Start 'remove' for regkey://HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\7df34ac6
Operation succeeded !

Start 'remove' for winlogonshell://HKCU@S-1-5-21-1482476501-1532298954-839522115-500\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\SHELL:C:\Documents and Settings\Administrator\Local Settings\Application Data\7df34ac6\X
Operation succeeded !

Start 'remove' for driver://Serial
Operation was scheduled to be completed after next reboot.

Start 'remove' for file://\\?\C:\WINDOWS\system32\DRIVERS\serial.sys
Operation succeeded !

Start 'remove' for file://\\?\C:\WINDOWS\assembly\GAC_MSIL\desktop.ini
Operation succeeded !

Start 'remove' for file://\\?\C:\WINDOWS\3326800765:2181870905.exe
Operation succeeded !

Start 'remove' for file://\\?\C:\Documents and Settings\Administrator\Local Settings\Application Data\7df34ac6\X
Operation succeeded !


Results Summary:
----------------
For cleaning Trojan:Win32/Sirefef.H, the system needs to be restarted.
Found Trojan:Win32/Sirefef.BB and Removed!
Found Trojan:Win32/Sirefef.O and Removed!
Found TrojanDropper:Win32/Sirefef.B and Removed!
Microsoft Windows Malicious Software Removal Tool Finished On Tue Feb 12 20:22:50 2013


Return code: 10 (0xa)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.17, February 2013
Started On Tue Feb 12 20:24:41 2013
Microsoft Windows Malicious Software Removal Tool Finished On Tue Feb 12 20:25:47 2013


Return code: 6 (0x6)

#4
-X-

-X-

    Member

  • Patrons
  • 2,406 posts
  • OS:XP Pro x86
  • Country: Country Flag

Donator

Looks like you were infected with the Trojan:WinNT/Sirefef.H. Did you run any keygens or cracks lately?
I don't see anything the MSRT cleaned that could be causing the problem. Please run the Eset online scanner and post the results.

Download all Windows XP Post SP3 High-Priority Updates with a simple double click @ xdot.tk post-12166-0-42859000-1399044129.png ]
               If someone helps you fix a problem, please report back so they and others can benefit from the solution. Thanks!


#5
cjohn

cjohn
  • Member
  • 9 posts
  • OS:XP Pro x86
  • Country: Country Flag

Looks like you were infected with the Trojan:WinNT/Sirefef.H. Did you run any keygens or cracks lately?
I don't see anything the MSRT cleaned that could be causing the problem. Please run the Eset online scanner and post the results.


No, I haven't use any keygen/crack for a long time.

Here is the online scan report:
C:\Documents and Settings\Administrator\Local Settings\Application Data\7df34ac6\U\00000001.@ a variant of Win32/Sirefef.CR trojan
C:\Documents and Settings\Administrator\Local Settings\Application Data\7df34ac6\U\000000c0.@ Win32/Conedex.A trojan
C:\Documents and Settings\Administrator\Local Settings\Application Data\7df34ac6\U\000000cf.@ Win32/Conedex.A trojan
C:\Documents and Settings\Administrator\Local Settings\Application Data\7df34ac6\U\80000000.@ probably a variant of Win32/Sirefef.FA trojan
C:\Documents and Settings\Administrator\Local Settings\Application Data\7df34ac6\U\800000c0.@ Win32/Sirefef.EN trojan
C:\Documents and Settings\Administrator\Local Settings\Application Data\7df34ac6\U\800000cb.@ a variant of Win32/Sirefef.FL trojan
C:\Documents and Settings\Administrator\Local Settings\Application Data\7df34ac6\U\800000cf.@ Win32/Sirefef.DV trojan
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe Win32/Patched.HN trojan
C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe Win32/Patched.HN trojan

But none of them can be cleaned.

Any further measure to be taken?

#6
-X-

-X-

    Member

  • Patrons
  • 2,406 posts
  • OS:XP Pro x86
  • Country: Country Flag

Donator

Format and reinstall.

Download all Windows XP Post SP3 High-Priority Updates with a simple double click @ xdot.tk post-12166-0-42859000-1399044129.png ]
               If someone helps you fix a problem, please report back so they and others can benefit from the solution. Thanks!


#7
cjohn

cjohn
  • Member
  • 9 posts
  • OS:XP Pro x86
  • Country: Country Flag

Format and reinstall.


Too time consuming. Out of the question.

#8
CharlotteTheHarlot

CharlotteTheHarlot

    MSFN Master

  • Member
  • PipPipPipPipPipPipPipPip
  • 2,054 posts
  • OS:none specified
  • Country: Country Flag


Format and reinstall.

Too time consuming. Out of the question.

Take this HDD out, place it into another computer (e.g., as drive D:). From that computer scan it first using MBAM and then with AV (like MSE). Both software should be configured to scan ALL FILES, not just programs and documents. Be prepared to this several times with each software because it cannot be pronounced "safe" until they each come up clean. This can be very time-consuming, on the orders of hours for each scan depending on the size of the HDD and the PATA/SATA, CPU and bus speed of the host computer.

Supplemental tasks can be accomplished while you are there, for example emptying out all the temp folders, deleting the pagefile and hibernate file (they will be re-created as needed, but cleanly) and you can also manually target internet cache folders and all other locations where malware might be hiding. This also allows you to remotely edit BOOT.INI and/or replace the boot sector if necessary without interference from the original system.

FYI: It helps if you have an alternate computer already setup for these purposes. Certain things need to be tamed to make the mounting of other HDD's painless. For example, telling system restore and disk indexing to not monitor other mounted HDDs ( or just kill the silly things). AutoRun should be disabled for other HDD's so the system doesn't try to run something the root folder of this infected HDD. ADDED: actually AutoRun should only execute if you attach the drive via a IDE/SATA to USB adapter, so naturally ignore this if you connect the HDD internally.

EDIT: typos

EDIT2: to cjohn ... you might want to encapsulate that virusscan result in Post #3 ( use "Full Editor" ) in SPOILER tags to collapse it which will shorten the vertical height of the page. Some people stop scrolling through those kinds of results once they get too long!

Edited by CharlotteTheHarlot, 17 February 2013 - 03:10 AM.

... Let him who hath understanding reckon the Number Of The Beast ...





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users



How to remove advertisement from MSFN