Re: Services won't start - nothing responds
- From: "Gerry" <gerry@xxxxxxxxxx>
- Date: Tue, 4 Nov 2008 22:21:05 -0000
Alberto
I cannot help with a HijackThis log. It is a highly specialised topic
deal with by experts in forums dedicated to dealing with them. I do
think there are signs you have a malware infestation. I spotted at least
two items recommended for removal.
--
Hope this helps.
Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Alberto wrote:
Gerry,
Here is a HiJack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:10 PM, on 11/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Documents and Settings\Owner\My Documents\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3504
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3504
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3504
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no
file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no
file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
(no file) O3 - Toolbar: &Google -
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program
Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC
Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC
Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background O4 - HKCU\..\Run:
[IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program
Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe"
ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-21-1744154408-1836162969-2273777021-1003\..\Run: [PC
Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe"
-onlytray (User '?')
O4 - HKUS\S-1-5-21-1744154408-1836162969-2273777021-1003\..\Run:
[Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe"
/NoDialog (User '?')
O4 - HKUS\S-1-5-21-1744154408-1836162969-2273777021-1003\..\Run:
[MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User
'?')
O4 - HKUS\S-1-5-21-1744154408-1836162969-2273777021-1003\..\Run:
[IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program
Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe"
ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
- C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe O16 - DPF: vzTCPConfig -
http://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro
ActiveX Scan Agent 6.6) -
http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia)
- http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download
Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program
Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Management (AppMgmt) - Unknown owner -
C:\WINDOWS\system32\svchost.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -
C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Windows Audio
(AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) -
Unknown
owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Computer Browser (Browser) - Unknown owner -
C:\WINDOWS\system32\svchost.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -
C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSvcHst.exe
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner -
C:\WINDOWS\system32\svchost.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown
owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: DHCP Client (Dhcp) - Unknown owner -
C:\WINDOWS\system32\svchost.exe
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner -
C:\WINDOWS\System32\svchost.exe
O23 - Service: DNS Client (Dnscache) - Unknown owner -
C:\WINDOWS\system32\svchost.exe
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner -
C:\WINDOWS\System32\svchost.exe
O23 - Service: COM+ Event System (EventSystem) - Unknown owner -
C:\WINDOWS\system32\svchost.exe
O23 - Service: Fast User Switching Compatibility
(FastUserSwitchingCompatibility) - Unknown owner -
C:\WINDOWS\System32\svchost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Help and Support (helpsvc) - Unknown owner -
C:\WINDOWS\System32\svchost.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner -
C:\WINDOWS\System32\svchost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Server (lanmanserver) - Unknown owner -
C:\WINDOWS\system32\svchost.exe
O23 - Service: Workstation (lanmanworkstation) - Unknown owner -
C:\WINDOWS\system32\svchost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program
Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner -
C:\WINDOWS\system32\svchost.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero
7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner -
C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner
- C:\WINDOWS\system32\svchost.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program
Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner -
C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) -
Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown
owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner -
C:\WINDOWS\system32\svchost.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner -
C:\WINDOWS\System32\svchost.exe
O23 - Service: Secondary Logon (seclogon) - Unknown owner -
C:\WINDOWS\System32\svchost.exe
O23 - Service: System Event Notification (SENS) - Unknown owner -
C:\WINDOWS\system32\svchost.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC
Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS)
(SharedAccess) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown
owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: System Restore Service (srservice) - Unknown owner -
C:\WINDOWS\system32\svchost.exe
O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner -
C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown
owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Symantec Core LC - Unknown owner -
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Terminal Services (TermService) - Unknown owner -
C:\WINDOWS\System32\svchost.exe
O23 - Service: Themes - Unknown owner -
C:\WINDOWS\System32\svchost.exe
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown
owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Universal Plug and Play Device Host (upnphost) -
Unknown
owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Time (W32Time) - Unknown owner -
C:\WINDOWS\System32\svchost.exe
O23 - Service: WebClient - Unknown owner -
C:\WINDOWS\system32\svchost.exe O23 - Service: Windows Management
Instrumentation (winmgmt) - Unknown owner -
C:\WINDOWS\system32\svchost.exe
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) -
Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Security Center (wscsvc) - Unknown owner -
C:\WINDOWS\System32\svchost.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner -
C:\WINDOWS\system32\svchost.exe
O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner -
C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner
- C:\WINDOWS\System32\svchost.exe
Alberto
I had System File Checker in mind but given the lack of a CD that is
not practical.
What errors appear in Event Viewer?
Please post copies of all Error and Warning Reports appearing in the
System and Application logs in Event Viewer relating to the last
boot in normal mode . No Information Reports or Duplicates please.
Indicate which also appear in a previous boot.
You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer. When researching the meaning
of the error, information regarding Event ID, Source and Description
are important.
A tip for posting copies of Error Reports! Run Event Viewer and
double click on the error you want to copy. In the window, which
appears is a button resembling two pages. Click the button and close
Event Viewer.Now start your message (email) and do a paste into the
body of the message. Make sure this is the first paste after exiting
from
Event Viewer.
Are there any yellow question marks in Device Manager? Right click on
the My Computer icon on your Desktop and select Properties,
Hardware,Device Manager. If yes what is the Device Error code?
--
Hope this helps.
Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Alberto wrote:
Gerry,
I have an eMachines T3504 which started with SP1 I believe and was
updated to SP2 through a download. I do not have a CD that came with
this computer, only the restore disk. I am trying to avoid doing a
Restore - I did it once and a few minor things got changed and I
don't have all the original program CD's for a number of
applications.
I do have an XP CD from an older computer, but I am pretty sure it
is also SP1.
What were you thinking?
"Gerry" wrote:
Alberto
What do you have by way of of a Windows XP CD? Does it contain the
SP2 update?
What is your computer make and model?
--
Hope this helps.
Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
Alberto wrote:
Windows XP Home SP2 - I tried to solve an issue with Cryptographic
services not being able to start by using KB Article 931852, and
after deleting Catroot2 and renaming many of the DLL's and then
renaming the Software Distribution folder I couldn't get any of
the services to start, and of course now have no internet
connection.
I am using another computer in the home to try to solve this
issue. I tried to find a restore point, but Msconfig won't let me
find one. It tells me to restart the computer and launch System
Restore again. That does nothing.
I tried changing the names back and then registering the DLL's but
still no luck.I've tried safe mode, safe mode w/networking, LKGF
but I can't get it to work.
I've done all this after 2 days of antivirus, antispyware cleanup.
The last step was going to be Hijack This, but I thought I would
try to fix the Cryptographic service one last time.
Help Please!
.
- References:
- Services won't start - nothing responds
- From: Alberto
- Re: Services won't start - nothing responds
- From: Gerry
- Re: Services won't start - nothing responds
- From: Alberto
- Re: Services won't start - nothing responds
- From: Gerry
- Re: Services won't start - nothing responds
- From: Alberto
- Services won't start - nothing responds
- Prev by Date: Re: Does restroe point work?
- Next by Date: Re: re-installing Windows XP
- Previous by thread: Re: Services won't start - nothing responds
- Next by thread: Re: formulas
- Index(es):
