
Services.exe

Discussion in 'Virus & Other Malware Removal' started by YvanYvan, Jan 24, 2006.

Thread Status:
Not open for further replies.
  1. YvanYvan

    YvanYvan Thread Starter

    Joined:
    Jan 24, 2006
    Messages:
    2
    Hi guys,

    I have a huge problem. I got problems with Trojan's worm and secure32 sh**. I think I fixed most of the problems with CounterSpy, HiJackThis and some others but...

    My Win XP gives me a Windows dialog called: To protect your computer, Windows has closed this program: Services & Controllers application ("Applications Services et Contrôleur") (my computer system is in French, so I translate it like that)

    Also, a Windows pop-up tells me that my system will be shut down in 1 minute.

    I can stop this process with "shutdown -a" but my computer is like a turtle (and this is not a joke), for example, to open the control panel, it can take me 2 or 3 minutes...

    Can someone help me?

    If not, do you think I can take another hard drive, install my WIN XP and put my actual hard drive as slave (I need my client files) without any danger?

    Thank you very much for your help

    (please, excuse my English)

    Yvan

    P.S. here is my last HiJack log :

    Logfile of HijackThis v1.99.1
    Scan saved at 18:29:06, on 2006-01-24
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\crazy browser\Crazy Browser.exe
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\WINDOWS\SM1BG.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\dumprep.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\mdm.exe
    C:\Documents and Settings\Yvan\Bureau\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Newsplorer 1.0] "C:\Program Files\Newsplorer\Newsplorer.exe"
    O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/13ae17a3b7db43706c18/netzip/RdxIE601_fr.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137991087234
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137990522953
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     
  2. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    If you are able to reach the Windows Desktop, you will need to troubleshoot Windows XP through a Clean Boot.

    Clean boot is the process of disabling and removing some programs and drivers from the Windows startup process. This is done to identify and troubleshoot issues occurring with Windows XP.

    NOTE: Following these steps may result in loss of some functionality temporarily. Restoring the settings may return the original error message or problem.

    To perform a clean boot in Windows XP, follow these steps:

    1. Log in as an Administrator or a member of the Administrators group.
    2. Click Start, select Run, and type MSConfig.exe in the command line.
    3. Click OK.
    4. Select the General tab and click Selective Startup.
    5. Deselect all the checkboxes except Use Original Boot.ini.
    6. Click OK and restart the computer.

    Hopefully, when you restart the system the error should be gone. If the error reoccurs, there must be something wrong with the Windows installation, and you may need to run the Quick Restore CD to restore the computer to factory settings, or if a clean install, you will need to reformat and reinstall Windows XP.

    If the error message does not appear, then perform the following steps:

    1. Click Start, select Run, and type MSConfig.exe in the command line.
    2. On the General tab, select the Process SYSTEM.INI File checkbox.
    3. Click OK and restart the computer. If the error reappears, then the issue is with an entry in the System.ini file.
    4. If the error message does not reappear, then run MSConfig again and select the Process WIN.INI file. Continue with this process until the error message reappears, selecting one of each item such as the Load Startup Items and Load System Services checkboxes.
    5. When the issue reappears for any of the selected entries, you will need to edit that particular item.

    For example, if the problem reappears after selecting the Win.ini file, click the Win.ini tab in System Configuration Utility to edit that configuration file. Clear half of the check boxes (except for those clearly marked as required), click OK, and then restart your computer. Continue this process until you locate the setting that is causing the issue.

    Post back the results with the setting causing the issue, if identified.
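
Added example, not part of the original posts and not code from HijackThis or MSConfig: a Python sketch that sorts HijackThis entries under the two MSConfig checkboxes named in the post above and simulates the "clear half of the check boxes" search. The mapping of O4 to Load Startup Items and O23 to Load System Services, the function names, and the single-culprit assumption belong to this example; the sample lines are copied from the log in the first post.

```python
import re

# Sample lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Assumed mapping from HijackThis section codes to MSConfig checkboxes.
MSCONFIG_GROUP = {"O4": "Load Startup Items", "O23": "Load System Services"}
OTHER = "other (no MSConfig checkbox in this mapping)"


def clean_boot_groups(log):
    """Group HijackThis entries by the MSConfig checkbox assumed to disable them."""
    groups = {}
    for code, detail in re.findall(r"^\s*([A-Z]\d{1,2}) - (.+)$", log, re.M):
        groups.setdefault(MSCONFIG_GROUP.get(code, OTHER), []).append(detail.strip())
    return groups


def bisect_culprit(items, error_occurs):
    """Halving search from the post: leave half the boxes checked, reboot, repeat.

    error_occurs(enabled) stands for "restart with only these items enabled
    and report whether the error came back". Assumes exactly one culprit.
    """
    candidates, reboots = list(items), 0
    while len(candidates) > 1:
        half = candidates[: len(candidates) // 2]
        reboots += 1
        candidates = half if error_occurs(half) else candidates[len(half):]
    return candidates[0], reboots


if __name__ == "__main__":
    for name, entries in clean_boot_groups(SAMPLE_LOG).items():
        print(f"{name}: {len(entries)} entries")
    # Constructed oracle: pretend item "d" of a made-up list triggers the error.
    print(bisect_culprit(list("abcde"), lambda enabled: "d" in enabled))
```
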
     
  3. YvanYvan

    YvanYvan Thread Starter

    Joined:
    Jan 24, 2006
    Messages:
    2
    Hi JSntgRvr,

    Thank you very much for your help, I really appreciate it.

    I followed your "recipe" and the error reoccurs the first time I reboot, so I will stop wasting my time (I'm unable to work since Sunday)... I will buy a new hard drive and build a new system. I have 3 computers in my office and the two others are working (seems to work) very well.

    So, I hope I will be able to put my (let's say) infected hard drive as slave to the new one without any propagation... :confused:

    Again, thank you!

    Yvan
     
  4. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
Short URL to this thread: https://techguy.org/436997