Over 1 million tech questions and answers.

Windows\system32\services\services.exe message at start up

Q: Windows\system32\services\services.exe message at start up

Hi, I hope someone can help. Many family member surf the web on this computer and I thought it was well protected (too many to list) but I have some strange things going on. I get the message "Windows\system32\services\services.exe" at start up twice. Browser hijacked and other fringe benefits, LOL here is my log and Thanks in advance.
Logfile of HijackThis v1.97.7
Scan saved at 11:19:02 PM, on 4/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Documents and Settings\Owner\Application Data\eber.exe
C:\WINDOWS\System32\wnscpsv.exe
C:\WINDOWS\System32\iexplore.exe
C:\WINDOWS\sachost.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ligaa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ligaa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ligaa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://lolatgp.offhost.info/out.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://lolatgp.offhost.info/out.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ligaa.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ligaa.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lolatgp.offhost.info/out.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://lolatgp.offhost.info/out.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://lolatgp.offhost.info/out.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ligaa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.coolsearch.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F1 - win.ini: run=C:\WINDOWS\System32\services\services.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {84873954-B2C8-4C28-95E6-37194B1EFEFE} - C:\WINDOWS\System32\ligaa.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar8.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Smart Stopper - {C4370071-9FF8-4442-B9C7-F849AC0789CA} - C:\PROGRA~1\SMARTS~1\SMARTS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar8.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Windows report] C:\WINDOWS\swchost.exe
O4 - HKLM\..\Run: [iestart] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [devsec] C:\WINDOWS\tcp32ss.exe
O4 - HKLM\..\Run: [Services Process] C:\WINDOWS\system32\config\services.exe
O4 - HKLM\..\Run: [Extra boob] C:\PROGRA~1\MIXBON~1\AudioSendMulti.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\Stopzilla.exe /autorun
O4 - HKLM\..\Run: [lgduxyl] C:\WINDOWS\lgduxyl.exe
O4 - HKLM\..\Run: [tur] C:\WINDOWS\tur.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\scchost.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Onlune Sarvice] C:\WINDOWS\sachost.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe
O4 - HKCU\..\Run: [WNSI] C:\WINDOWS\System32\wnscpsv.exe
O4 - HKCU\..\Run: [iexplore] C:\WINDOWS\System32\iexplore.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0m\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar8.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar8.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar8.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar8.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar8.dll/cmtrans.html
O9 - Extra button: AOL Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Party Poker (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AOL Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11111111-1111-1111-1111-111111111147} - file://C:\Program Files\Internet Explorer\2466.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://hard-virgins.com/dl/adv13/x.chm::/load.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://dev-www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

RELEVANCY SCORE 200
Preferred Solution: Windows\system32\services\services.exe message at start up

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Windows\system32\services\services.exe message at start up

Read other 7 answers
RELEVANCY SCORE 134.8

I get the message "Windows\system32\services\services.exe" at start up twice. Browser previously hijacked by coolsearch, etc. I already ran CWShredder. Below is my log. (Note: I altered the domain name in last 3 values for security reasons.)

Also, Acrobat 6 no longer opens *.PDF files within Internet Explorer.

Thank you in advance!

Logfile of HijackThis v1.97.7
Scan saved at 6:24:21 PM, on 5/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ofps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program File... Read more

A:[Solved] Windows\system32\services\services.exe message at start up

Read other 6 answers
RELEVANCY SCORE 114.8

For the past several days my computer has been completely useless. It generally has been indicating ("C:\WINDOWS\system32\services.exe" terminated unexpectedly), error code -1073741482. (I'm typing this from another computer, fyi).

I have tried a few things. I was going to install McAfee Total Protection to see if that would clean it up, but McAfee would not install completely because of some sort of problem apparently.

I am able to get into Safe Mode and have burned combofix to a CD on another computer, and was hoping to run it on my infected(?) computer to see if that would help, but see that the instructions say to post here first.

Any help is greatly appreciated.

A:Error Message ("C:\WINDOWS\system32\services.exe" terminated unexpectedly), and it happens during start...

Hello please try running MBAM.If you cannot use the Internet,you will need access to another computer that has a connection.From there save mbam-setup.exe to a flash,usb,jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.***Manually Downloading Updates: Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.Next run MBAM (MalwareBytes):NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, fo... Read more

Read other 1 answers
RELEVANCY SCORE 96.8

On startup of Windows XP I continually get error message C:\windows\system32\services.services.exe. That error message is followed by another error message Desktop-Could not run or load C:\windows\system32\services.services.exe specified in the registry. Make sure the file exists on your computer or remove the refernce to in in the registry.

I am a beginner computer user so any help you can provide is appreciated.

Thank you.
New Mom
 

A:C:\windows\system32\services.services.exe

Read other 6 answers
RELEVANCY SCORE 89.6

64 bit emachines desktop PC running Home Premium, direct wire connection to a modem.

It boots normally, it just doesn't connect to the internet. Many of the services are disabled.

I have done a startup repair with and without a disk (the CD we have is NOT from emachines - it's a standard Windows 7 Home Premium 64 bit disk. The repairs never find a problem. I have done an sfc /scannow. No intefgrity violations were detected.

When I run services.msc I see that DHCP Client is not running. When I attempt to start it, I get that it could not start because the dependency service or group failed to start. If I go to properties and click on Dependencies I get a Win32 error - the service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

I get the exact behavior when I try to start DNS Client.

There are no restore points available. There are no viruses or malware according to TDSSKiller, Malwarebytes and ComboFix. When I try to use Internet Explorer I get the 'page cannot be displayed' . When I then click on 'Diagnose Connection Problems', I get 'Troubleshooting Couldn't Identify the Problem.'

There's about 50GB worht of music and videos on this PC and the idea of saving all that externally, plus the drivers, reinstalling and putting everything back is a lot of time and work.

I was looking for something that used to be available in Windows XP, where you'd pop in the CD, boot from it, hit enter to do an insta... Read more

A:How do I Fix the Windows Services - Many in services.msc won't start

You might be at the point where a Repair Install is in order:

Repair Install

A Guy

Read other 4 answers
RELEVANCY SCORE 84.4

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 3946 Mb
Graphics Card: ATI Mobility Radeon HD 545v, 512 Mb
Hard Drives: C: Total - 183295 MB, Free - 91088 MB; D: Total - 273060 MB, Free - 272925 MB;
Motherboard: SAMSUNG ELECTRONICS CO., LTD., R540/R538/SA41/E452
Antivirus: AVG Anti-Virus Free Edition 2011, Updated and Enabled

I recently have discovered I have a 'trojan horse' on my system. AVG Picks it up during a scan and says the following:

Object name: C:\Windows\System32\services.exe
Detection name: Trojan horse. Generic_c.MMI
Object type: File
SDK type: Core
Result: Object is white-listed (critical/system file that should not be removed)

On advise from another forum I downloaded and ran "spybot - search and destroy"
It does NOT pick up that it is there

As per the forum rules the following logs are below:

HijackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:07:26 PM, on 5/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\Sys... Read more

A:C:\Windows\System32\services.exe

Read other 16 answers
RELEVANCY SCORE 84.4

"Services.exe terminated unexpectedly with status code 1073741674"Logfile of HijackThis v1.99.1Scan saved at 1:21:28 PM, on 6/13/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5346.0005)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeC:\WINDOWS\Explorer.EXED:\Program Files\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =R0 - HKCU\... Read more

A:Windows/system32/services.exe

Hi, some questions first.... were you infected previously? Because that is really important to know.
In case you were, can you point me to that thread (if any) where they helped you?
The reason is because, I want to know if this is a malware issue or any other issue where something legit can cause this.

Read other 2 answers
RELEVANCY SCORE 84.4

Hello,
I think I have a virus. My AGV anti-virus detects here - C:\\WINDOWS\System32\SERVICES.EXE (912) - and it defines it as 'Virus found Lop'. when scan finishes it says that problem is removed but after restert the problem is still here. Same thing with Ad-Ad-Aware and Spyboot too.
I ntoiced something was wrong when, while accessing internet explorer, one/two mroe pages open up at the same time with adverts for mobile phones, online poker etc tec.
Is this s virus?
Suggestions on how to get rid of this?

Thansk a lot, I would appreciate your help.

Ciao,
Giovanni
 

Read other answers
RELEVANCY SCORE 84.4

Hi

I've searched your forums looking for a similar issue, and i have found similar problems, unfortunately they werent specific enough to help me out so i had to make a thread of my own.

I managed to get a virus and subsequently i downloaded avast virus protection, it ran the scan and delete virus function and found two infected files, one was kernels118.exe and the other was contained in c:\windows\system32\services.exe. Like an idiot i authorised the deletion of this file and since then i have been having this problem, on occasion i get one of two errors, a bsod and a little box with a red cross in it giving me a countdown saying that services and controller apps has encountered a problem and the system needs to restart. The error code is
-1073741819

I did i hijackthis scan and here are the results.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:46:45, on 04/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOW... Read more

A:C:\windows\system32\services.exe

Read other 9 answers
RELEVANCY SCORE 84.4

hey. im currently running sp1. today i tried to install sp2, and it says C:\WINDOWS\system32\services.exe is in use. called microsoft 3 times. didnt help. they olny told me it was because there were serious infections in my computer. HELP!

A:C:\WINDOWS\system32\services.exe is in use. HELP!

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 84.4

hi!
the last few times that i have started my computer, I get a message that an error has been caused by c:\windows\system32\services.exe
The system will shutdown in 60 seconds, please save any unsaved work. the countdown then lowers, but I can not access any application to start or even to terminate. The system shuts down at the end of the 60seconds and then restarts.
Can anyone please help me understand what may be going on? Do ask if you need more detail about the error message. I'll note it down the next time its thrown at me.

Read other answers
RELEVANCY SCORE 84

Hello Team,

Please advice me what kind of steps need to take for  ATA issue like..
1.dns services .
2.directory services 
3.remote desktop services.

we have 70 to 80 medium tickets  what would be the best resolution for this things

Read other answers
RELEVANCY SCORE 83.6

I have been getting alerts telling me that i have a virus. So i ran an avg free addition scan and it said the following.

"Object name"......................................."C:\Windows\System32\services.exe"

"Detection name"..................................."Trojan horse Dropper.Generic_c.MMI"

"Object type"...................................................................................."file"

"SDK Type"....................................................................................."Core"

"Result"..................................................................."Object is white-listed" (critical/system file that should not be removed)"

........................................................................................................


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Zach at 17:34:36 on 2012-09-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2934.1758 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
... Read more

A:Help Me C:\Windows\System32\services.exe Problem

Hello and welcome to TSF.

Please note that more than one round may be needed to properly eradicate malware. In co-operation with the cleaning process, please: do not uninstall/install any programs unless asked to do so, to make it easier on us as it is more difficult when files/programs are appearing in/disappearing from the logs;
do not run any tools or scans other than those requested;
follow all instructions in the order they are presented;
if you have problems with or do not understand the instructions, ask before continuing;
stay with this thread until given the All Clear, as absence of symptoms does not always mean the machine is clean;
do not attach any logs/reports, etc.. unless specifically requested to do so.
All logs/reports, etc.. must be posted in Notepad making sure the word wrap is unchecked. (In notepad click format, uncheck word wrap if it is checked.)
Also note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

========================

Before we begin the cleaning process, I need to run a couple more analysis tools. But, first, you appear to have some CD emulating software installed which need to be disabled as they interfere with the analysis.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool. The application window will appear
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue
A 'Finished!' message will appear
Cli... Read more

Read other 10 answers
RELEVANCY SCORE 83.6

Hi all.
 
First of all I am a newbie here in the forum.
 
And I have been using combofix although I am not much of a techie.
I have just been told by a pc tech - a friend.
 
A while a ago I've run combo fix and it says that c:/windows/system32/services.exe is infected.
and it says after that it's tring to restore.
 
I am at a loss with this.
 
The infection has been on and off.
 
Please forgive me if I posted it here or where, as I browse the forum it's really hard for me to know where to start.
Hope to receive any help from anyone.
 
Thank you very much.
 
And have a good day to all.
 
 

A:c:\windows\system32\Services.exe . . . is infected!!

Hello franklin_roosevelt I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as ... Read more

Read other 51 answers
RELEVANCY SCORE 83.6

Hello ,

I have avast antimalware right now, I used to have microsoft security essentials but I cannot download and open that service anymore due to this virus. I cannot open windows firewall I get the error: 0x8007042 code, windows will not update, itunes will not connect to the store or update either that how I knew something was wrong initially.
When avast found these infected files, it could not move them to the chest, repair or delete them no matter what I did. These are the files that wont delete,
C:\Windows\System32\Services.exe Win32atched-AKC[Trj]
C:\Windows\assembly\GAC_32\Desktop.ini Win32:Sirefef-PL[Rtk]
C:\Windows\System32\Services.exe Win32atched-AKC[Trj]
 

A:How do I get rid of this C:\Windows/System32/Services.exe Virus

Read other 11 answers
RELEVANCY SCORE 83.6

Hi. I'm brand new here, which I'm sure you'll be able to tell shortly.

I play Farmville 2 all the time. I have for months. All of a sudden, about a week ago, the game kept crashing. Upon inspection, it turns out that windows system files were using a high amount of cpu. So, I attempted to go in and disable some, according to these directions:
What is svchost.exe And Why Is It Running?

I was very impressed with myself for not needing my husband's help. After a few minutes, I went to check on the usage using the task manager. Well, apparently, I disabled it. AND THE SERVICES!!

I have no idea how to get it back. After searching online for an hour, I've resorted to asking for help. I'd like to re-enable what I disabled.... and then leave it alone for my husband to look at.

Please and thank you for your help. If you haven't noticed, I had no business touching things and I'll never do it again.

If you might be able to tell me what my husband *should* disable to get rid of the original problem, I'd greatly appreciate that as well.

Michelle

A:I need to reaccess c:\windows\system32\services.msc

The easiest way to fix this is to do a System Restore to before you disabled the services. See here:

System Restore - How to Do in Windows 8

Read other 1 answers
RELEVANCY SCORE 83.6

i have avg free addition and it says

"Object name"......................................."C:\Windows\System32\services.exe"

"Detection name"..................................."Trojan horse Dropper.Generic_c.MMI"

"Object type"...................................................................................."file"

"SDK Type"....................................................................................."Core"

"Result"..................................................................."Object is white-listed" (critical/system file that should not be removed)"

help please because my computer is my life

A:Help Me C:\Windows\System32\services.exe Problem

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and
Quote:




Having problems with spyware and pop-ups? First Steps




a link at the top of each page.

Please follow our pre-posting process outlined below.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 83.6

The title says it all, i got this lil alert popping up about ever 20min.
Cant remove it and i know it lached on when i installed a adobe update that was apparently fake.

A:c:\Windows\System32\services.exe Virus

Please do the following:Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive. (Choose the correct version depending on which architecture operating system you are using, 32bit (x86) or 64 (x64) bit)Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select... Read more

Read other 2 answers
RELEVANCY SCORE 83.6

I noticed that Windows Security Essential stopped working. I tried to reinstall and scan the computer but a message popped up telling me that Windows had encountered a problem and had to restart in 1 minute. I restarted the computer but the same message would pop up.
I tried to scan the computer in safe mode and I found out that Windows/System32/services.exe was infected. Windows Security Essential would try to clean it, but then the same message as before would pop up telling me that Windows had to restart.

I have come here hoping to get some help. I have a Windows 7 64 bit computer.
I have also copied the DDS log below. Any help is appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Julian at 1:03:26 on 2002-01-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.3346 [GMT -8:00]
.
AV: Lavasoft Ad-Aware *Enabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Lavasoft Ad-Aware *Enabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:&#... Read more

A:Infected windows/system32/services.exe

Please do the following:download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

Read other 36 answers
RELEVANCY SCORE 83.6

I renamed C:\Windows\system32\services.exe to services_old.exe in Win XP and now when I reboot my Gateway notebook it only comes up to a "black" screen with only a white pointer showing. I was not too bright when I pulled this stunt.....How can I rename services_old.exe back to it's original name. Is there a way to get to a command prompt? I have tried to use the F8 key and boot to Safe Mode w/ Command Prompt but that only takes me to the same "black" screen in safe mode. I do not have the "restore cd" either. Please help.
 

Read other answers
RELEVANCY SCORE 83.6

I don't know what to do.
 

A:I hhave windows/system32/services HELP

follow advice here and post the logs those programs make

Did you see the big red message telling you what to do when you tried to make your first post in this topic or did you just decide to ignore it.
 

Read other 1 answers
RELEVANCY SCORE 82.8

Thanks a ton for providing this service. I used to work as a low-level tech for a PC maintenance company (emphasis on low), so I know a little bit about what a pain it can be providing tech support. This, however, is way over my head.

I was notified a few days ago by my internet provider that something had been sending spam e-mails from my internet connection. They recommended that I run a virus scan to remove the threat, or to have it professionally removed. At the time, I was using IOBit's Advanced System Care 5 protection, but nothing significant came up in the scan. So, I tried MBAM, which located what it identified as 3 Trojans and a Rootkit. It was able to remove 2 of the items, but not the other two. I did a little research and downloaded AVG to see if they could locate and sequester the problem. It identified the two problems, including the following - c:\Windows\System32\Services.exe - which it identified as a "Trojan horse Dropper.Generic_c.MMI. The result is that the "Object is white-listed (critical/system file that should not be removed)". It also said that access to the infected files would be restricted.

I re-ran MBAM since then, and it came up with nothing. So, I thought the problem was solved, but AVG keeps popping up 2-3 times per hour with the same notification about the same file. I'm not sure if "white-listed" means that it's sequestered and incapable of damaging my system anymore or not, but the AVG pop-ups are c... Read more

A:Windows/System32/services.exe Trojan dropper

Read other 16 answers
RELEVANCY SCORE 82.8

On 7/10/12 I was prompted by what I thought was adobe update service to download an update. I was looking at videos on youtube and didn't want to interrupt so I selected no. It repeatedly opened attempting to get me to run the update. I thought this was suspicions so I attempted to close the window, this also didn't work. I eventually decided I was being paranoid and that my virus protection (AVG Free) would save the day if anything malicious was happening. I was certainly wrong. Approximately 10 minutes later I began getting threat notifications of trojans on my computer. I eventually ran AVG in safe mode in attempt to remove them and it indeed removed 5 trojans to my vault. When I ran in normal mode again trojan horse dropper.generic_c.mmi remained no matter what I ran (Spybot, ccleaner). At this point I turned off the computer and decided to search the forums but have been unable to find a cure all. Seems that the solutions given have been for specific users in their specific case. So here I am attempting to find my specific solution. Any help would be greatly appreciated. Thanks

A:Infected with c:\windows\system32\services.exe need assistance

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

Read other 22 answers
RELEVANCY SCORE 82.8

Hi guys

I have recently had trouble with windows XP. It will not load , not even in safe mode. After the Windows logo it loads to a black screen with two identical error message.
-------------------------------------------------------------------------
​Winlogon corrupt file
--------------------------------------------------------------------------
The file or directory \windows\system32\services.exe is corrupt or unreadable
Please run chkdsk utility
--------------------------------------------------------------------------
​How it started
When playing football manager i have been getting error messages saying
"there was not enough memory to carry out this process"
Some times the program would crash but more recently I have got a prompt in the corner saying
" this file is corrupt please run chkdsk"
or the blue screen of death.
All my save games have been corrupted and the computer started crashing even before the game loaded.

Last night my computer was running fine other than this game the last thing i did before i shut down my computer was run the chkdsk utility , It gets up to 100% then closes without giving me the results. Now my computer wont even start in safe mode :S

I have 9 weeks left to complete my thesis at University , There is loads of work on my hard drive that i cant afford to lose .
Can any one help ? PLEASE!
 

A:\windows\system32\Services.exe is corrupt or unreadable

Read other 7 answers
RELEVANCY SCORE 82.8

Hi,

I have just been reconnected to the internet after my ISP temporarily disconnected me due to spam emails. Following 2 deep scans many backdoor, worm and trojan files were found and deleted however the problem persists that my computer is sending out lots of spam emails (Can see this on the firewall logs, lots of outbound traffic to destination port 25)

I have got a HijackThis log (please see below).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:53, on 12/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ado... Read more

A:C:\WINDOWS\System32\services.exe Spam Emails

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

Read other 1 answers
RELEVANCY SCORE 82.8

Recently my small business computer which uses Microsoft Windows Server 2003 software started displaying the message c\windows\system32\services.exe and shutting down every 5-10 minutes. Is this a virus or some other problem? Please help.
 

Read other answers
RELEVANCY SCORE 82.8

HelloMy Firewall started telling me about a week ago that Windows/System32/Services.exe was trying to access the internet which I thought was strange, expecially as it was trying to access a wierd site nothing to do with microsoft.I didn't let it but later on I had to disable my Firewall briefly while I connected to my website to upload my data. (I don't know why but my web server won't allow me to connect through a firewall, even if I allow everything)Anyway at this point Services.exe got access to the internet and then it said I had 60 second before my computer would restart and this message:"Services.exe terminated unexpectedly with status code 1073741674"I have run every possible virus and adware scan going and they have all come up clean, I've searched the internet for solutions and found nothing except for someone who had the same error on this site.He said he fixed it simply by deleting sysbus32.sys but I've searched for that file and don't appear to have it on my computer?here is the Hijackthis report:Logfile of HijackThis v1.99.1Scan saved at 15:00:43, on 31/01/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program ... Read more

A:Windows/system32/services.exe Keeps Closings Down My Computers

Click on start, then run, and type the following in the Open: fieldnotepad c:\windows\system.iniNow press enter. Post the contents of this file as a reply to this topic.

Read other 8 answers
RELEVANCY SCORE 81.6

Hi,

I've seen that other users have posted the same problem I am having right now and they were able to resolve their trojan issues. But they specifically said that the scripts were specifically written for each of their individual computers based on the logs they posted. So I am starting a thread do hopefully ask for help from someone who can guide me in getting rid of this trojan found in C:\windows\system32\services.exe

I have already downloaded Farbar and saved it in a flash drive but haven't done anything with it yet. I want to wait for instructions before running any program and possibly make it worse.

Will wait for a response from an expert.

Thank you!

Marie
 

A:NEED DESPERATE HELP with Trojan Removal -- C:\windows\system32\services.exe

Read other 16 answers
RELEVANCY SCORE 81.6

Hi all.
I am just new here in fact I have just registered a while ago.
I wish to ask help whether is my PC infected.
 
History:
I have been using combofix for a while now. ( i have used it last year and then stopped and then I started using it again for about a couple of months now).
I have a current antivirus (other) but I still run combofix to make sure and double check.
 
However, about a week now I have been getting this "System file infected - C:/windows/system32/services/exe"
 
I scan my pc at least twice a day with combofix and in a week I get that infected-thing at least three times in a week.
 
I would like to seek help if anyone can help?
I wish I could post the log txt from combofix, however I have gathered that I cannot easily post the screenshot of the combofix log txt? Is this true?
Or if you can refer me to the proper thread where I could get help would be much appreciated.
 
Please help me.
 
Thank you all and best regards.

A:System file infected - C:/windows/system32/services/exe

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Read other 9 answers
RELEVANCY SCORE 81.6

Hello,

I have been searching everywhere for a fix for my problem but I could not find a fix easy enough for me.
An IT friend of mine suggested I should come in here as here are the most knowledgeable people around and I should seek help.

I have this virus and tried everything to remove it but I get this message saying that it can not be removed.I think I got infected when I clicked on a small window that look like a Flash update notice.

I am running Windows 7 Ultimate 32 bit OS with Service Pack 1 and AVG 9. I will upgrade to 12 if this would help.

Can you please give me some directions in how to get this virus removed? I would really appreciate it.

thanks in advance.
Felix

A:Trojan horse Patched_c.LYU in Windows/System32/services.exe

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 31 answers
RELEVANCY SCORE 81.6

Hello, 
 
  few days ago I was unable to update my Windows 7 x64, with the following errors: 800706BE and 800706BA.
 
After chatting with Microsoft HelpDesk, they suggested me to clean my PC, trying to sell me their support.
 
I'm afraid I got ZeroAccess rootkit, but I cannot get it out of my PC.
 
After running Combofix, here it's the result:
 
ComboFix 15-03-14.03 - Jacopo-Perenchio 18/03/2015   8:49.6.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.8099.5494 [GMT 1:00]
Eseguito da: c:\users\Jacopo-Perenchio\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\users\Jacopo-Perenchio\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\JACOPO~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
-- Esecuzione precedente --
.
c:\windows\system32\Services.exe . . . è infetto!!
.
--------
.
c:\windows\system32\Services.exe . . . è infetto!!
.
.
(((((((((((((((((((((((((   Files Creati Da 2015-02-18 al 2015-03-18  )))))))))))))))))))))))))))))))))))
.
.
2015-03-18 08:03 . 2015-03-18 08:03 -------- d-----w- c:\users\Public\... Read more

A:c:\windows\system32\Services.exe infected and WUPDATE errors

Hello  jackpera, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

   Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  I will be analyzing your log. I will get back to you with instructions.  1.Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool .Click on the Scan button.AdwCleaner will begin to scan your computer.After the scan has finished...Click on the Clean button.Press OK when ask... Read more

Read other 24 answers
RELEVANCY SCORE 81.6

Hello, 
 
  few days ago I was unable to update my Windows 7 x64, with the following errors: 800706BE and 800706BA.
 
After chatting with Microsoft HelpDesk, they suggested me to clean my PC, trying to sell me their support.
 
I'm afraid I got ZeroAccess rootkit, but I cannot get it out of my PC.
 
After running Combofix, here it's the result:
 
ComboFix 15-03-14.03 - Jacopo-Perenchio 18/03/2015   8:49.6.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.8099.5494 [GMT 1:00]
Eseguito da: c:\users\Jacopo-Perenchio\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\users\Jacopo-Perenchio\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\JACOPO~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
-- Esecuzione precedente --
.
c:\windows\system32\Services.exe . . . è infetto!!
.
--------
.
c:\windows\system32\Services.exe . . . è infetto!!
.
.
(((((((((((((((((((((((((   Files Creati Da 2015-02-18 al 2015-03-18  )))))))))))))))))))))))))))))))))))
.
.
2015-03-18 08:03 . 2015-03-18 08:03 -------- d-----w- c:\users\Public\... Read more

A:c:\windows\system32\Services.exe infected and WUPDATE errors

Hello, 
 
  few days ago I was unable to update my Windows 7 x64, with the following errors: 800706BE and 800706BA.
 
After chatting with Microsoft HelpDesk, they suggested me to clean my PC, trying to sell me their support.
 
I'm afraid I got ZeroAccess rootkit, but I cannot get it out of my PC.
 
After running Combofix, here it's the result:
 
ComboFix 15-03-14.03 - Jacopo-Perenchio 18/03/2015   8:49.6.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.8099.5494 [GMT 1:00]
Eseguito da: c:\users\Jacopo-Perenchio\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\users\Jacopo-Perenchio\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\JACOPO~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
-- Esecuzione precedente --
.
c:\windows\system32\Services.exe . . . è infetto!!
.
--------
.
c:\windows\system32\Services.exe . . . è infetto!!
.
.
(((((((((((((((((((((((((   Files Creati Da 2015-02-18 al 2015-03-18  )))))))))))))))))))))))))))))))))))
.
.
2015-03-18 08:03 . 2015-03-18 08:03 -------- d-----w- c:\users\Public\... Read more

Read other 5 answers
RELEVANCY SCORE 80.8

Hi,

Got somethin' inte to my computer last evening, but managed to get rid of it via AVG/Killbox/HJT/Combofix/Vundofix/PC-killin 2005/CCleaner/Lavasoft Ad-aware and some manual deletion of files and running processes and registration keys. Seems to be allright now though, however, my services.exe(located where it's supposed to be) tries to connect to random IP-adresses, which makes me think that this is the source of my previous problems, or a backdoor-inlay or somethin', whatever. So, my question is, is this a correct behavior i see by services.exe or is it infected with something? Should i replace it with the same file from another PC or perhaps from a Windows geniune CD? Since the problem now seems to be refered only to this file, i'm thinking about reinstalling the whole computer, since i still could need that. The problem started with me downloading a keygen .exe-file(which i scanned first, obviously not helped) and upon opening it, it infected me with a little red bulb in the task manager field saying i was infected with spyware and that i should click tehere and download some program. ****in *******s....Well, it's my own fault. Have had several files, on of 'em smanager.7.exe for example. Someone who can lecture me, then?
 

Read other answers
RELEVANCY SCORE 80.8

I have 2 issues .
1)
My AVG internet security resident shield regularly comes up with an alert stating that a threat has been detected . It says :
File name : c:\Windows\System32\services.exe
Threat name : trojan horse patched_c.LXT
detected on open.

beneath this box there is usually a button which will move the malware into the "virus vault " . But in this case there is nothing but a button giving me the option to ignore the threat . AVG also finds this same malware during the whole computer scan , but because services.exe is a system file AVG says that the file is "white listed" and so AVG just ignores it . AVG first found the trojan on 04/08/2012. So far i have been unable to remove it .
I am running Windows 7 Service pack 1 64bit - therefore i have not posted a GMER log as advised in the instructions topic.

2) luha.sirfef.a
AVG said in the whole computer scan 2 days ago that it found luha.sirefef.a . I did another whole computer scan today and it could not find the luha.sirefef.a ( I have disconnected my laptop from the internet due to the luha.sirefef.a and services.exe trojan) . does this mean that the virus is gone? I am a bit suspicious as i had not taken any steps to remove the sirefef other than deleting a registry file that was mentioned to be malicious on many websites
(HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "Certoficate Revocation"... Read more

A:infected with a "Trojan horse patched_c.LXT" in c:\Windows\System32\services.exe

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

Read other 31 answers
RELEVANCY SCORE 80.8

Hi,
Please Help!
I have this spyware/virus in my computer that I cant seem to find it. I've run almost all the scanners out there: Norton Anti-virus, AVG Anti Virus, Avg Anti-Spyware, Spybot, Ad-Aware, DrWeb, SuperAntispyware....etc. Everytime winblow starts up, Sygate firwall notifies me that C:\WINDOWS\system32\services.exe making UDP requests to some strange IPs (changes port and ip each time). C:\WINDOWS\Explorer.EXE and C:\WINDOWS\system32\svchost.exe also make requests on start up. but not always. IE has been hijacked to listen for search keywords and create pop up to broadcaster.com , aseekto.com ...etc. (they dont come up right away...just listen somewhere in the back ground until the right keywords are typed). Here is my Sygate Firewall and HJT log:

Thanks

Sygate:
File Version : 5.1.2600.2180
File Description : Services and Controller app (services.exe)
File Path : C:\WINDOWS\system32\services.exe
Process ID : 0x36C (Heximal) 876 (Decimal)

Connection origin : local initiated
Protocol : UDP
Local Address : 3.137.119.114
Local Port : 28085
Remote Name :
Remote Address : 195.140.140.170
Remote Port : 4239

Ethernet packet details:
Ethernet II (Packet Length: 81)
Destination: 00-00-0c-07-ac-77
Source: 00-03-25-14-78-4d
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 128
Protocol: 0x11 (UDP - User Datagram Protocol)
Header checksum: ... Read more

Read other answers
RELEVANCY SCORE 80.8

Hi,

I am getting this error message

The system process
C:\\WINDOWS\system32\services.exe'
terminated unexpectedly with
status code 203. The system will
now shut down and restart.

After which my computer shuts down after 60 seconds. Does anyone have any ideas about what might be causing the problem? Im running Windows XP.

Read other answers
RELEVANCY SCORE 80

I am running Windows XP. My laptop came preinstalled with Vista this past August but I removed it and installed XP as my OS.

I started getting this error msg today: C:\windows\system32\services.exe terminated unexpectedly with status code 1073740972 and will restart in 60 seconds. It seems related to my HP Deskjet 6980 printer. If the printer isn't plugged in, the error doesn't appear. I uninstalled the printer, downloaded the most current drivers from the hp website, reinstalled and still get the error.

I am also getting this msg as well: Data Execution Prevention Services and Controller App. I am running CA antivirus, firewall, and keep my CA updated regularly. I am up to date on all XP updates from MS. I have scanned my system several times and have found nothing. I know that the data execution prevention is likely related to a virus but I can't locate anything!!

Can anyone help???

A:C:\windows\system32\services.exe terminated unexpectedly with status code 1073740972

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

Read other 1 answers
RELEVANCY SCORE 80

Can anyone out there help me with the following message:

?The system process c:\windows\system32\services.exe terminated unexpectedly with status code -2147483645?

The message window also informs me that the message was initiated by the ?NT Authority\System?.

My PC is running slower than a turtle! Your help is appreciated!

Thank you!

A:“The system process c:\windows\system32\services.exe terminated unexpectedly with s

I'm not sure this applies to you, since it's a different exe but I found
this on google It's not much tho and aboutg the only thing I can find, maybe one of the more advanced people can explain more. Oh and check for viruses at www.trendmicro.com

Read other 2 answers
RELEVANCY SCORE 80

SYSINFO:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 1

POSSIBLE ISSUE W HighjackThis:

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this. If that happens, you need to edit the file yourself...

HighjackThis LOG:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:07:36 PM, on 6/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Candleworks\FXTS2\FXTSpp.exe
C:\Users\Owner\Desktop\FXPRO\terminal.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Users\Owner\Desktop\SysInfo.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\... Read more

A:c:\windows\System32\services.exec | Trojan Horse Dropper.Generic_c.MMI

Hi Charlesz and welcome to TSG. My name is Mark and I will be helping you.

Please provide the last log from Malwarebytes, then run another scan with it and post that log also.
Open Malwarebytes and click on the Logs tab.
Scroll down the list to find the relative scan dates.
Click on the entry and then click on Open.
Copy and paste the log into your next post.

Please run Malwarebytes and post the log as follows:

Open Malwarebytes and allow it to update with the latest definitions, then run a Quick Scan.
When finished, a message box will say "The scan completed successfully. Click Show Results to display all objects found".
Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
Make sure that everything is checked and then click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab .
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
 

Read other 3 answers
RELEVANCY SCORE 78.8

hello,

"C:\Windows\System32\services.exe, Trojan horse Patched_c.LXT, Object is white-listed (critical/system file that should not be removed)"

thats what it says on my avg scanner.

no idea how to remove it

help?

thanks!

A:c\windows\system32\services.exe Trojan horse Patched_c.LXT windows 7 OS

bump?

Read other 2 answers
RELEVANCY SCORE 78.4

Norton 360 alerts me that services.exe zeroaccess!inf4 is an unresolved security risk and that it must be manually removed. Norton is keeping it at bay and nothing is wrong with my computer as of yet. No scan that I have tried has worked and I am unsure of what to do. I would really appreciate ay help. Here is my DDS log.
Thank you.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Eddie at 15:26:16 on 2012-08-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5628 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Window... Read more

A:Norton 360 alert: Infected File C:\windows\system32\services.exe manual removal required

Good evening. For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive. Plug the flashdrive into the infected PC and then enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:

Restart the computer. As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears. Click on Repair your computer menu item. Select US as the keyboard language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account and click Next.On the System Recovery Options menu you will get the following options: Startup Repair System Restore Windows Complete PC Restore Windows Memory Diagnostic Tool Command Prompt Select Command Prompt. In the Command Window type in notepad and hit <ENTER>. When a notepad window opens, under File menu select Open. Select "Computer" and find your flash drive letter and close the notepad. In the command window type e:\frst64.exe and hit <ENTER>.

Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run. When the tool opens click Yes to disclaimer. Press Scan button. A log, called FRST.txt, will be created on the flash drive - please copy and paste the contents in your reply.

Read other 13 answers
RELEVANCY SCORE 78.4

Hi,

About a week ago my computer randomly started rebooting itself, no error messages were appearing, and only happened maybe once a day. However, it has now started happening more and one time the following message was dipslayed before the computer rebooted:

The system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. The shutdown was initiated by NT AUTHORITY\SYSTEM

The system process 'C:\WINDOWS\system32\services.exe' terminated unexpectedly with status code - 1073741819. The system will now shut down and restart.

Any help would be greatly appreciated. Thank you.

Here is the DDS report:

DDS (Ver_09-12-01.01) - NTFSx86
Run by James Honeysett at 11:00:56.54 on 27/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.721 [GMT 0:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.e... Read more

A:Computer restarting - c:\windows\system32\services.exe terminated unexpectedly with status code - 1073741819

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

Read other 75 answers
RELEVANCY SCORE 78.4

The system process 'C:\WINDOWS\System32\services.exe' terminated unexpectedly with status code -1073740972. The system will now shut down and restart
This malware keeps shutting down the computer. It started by hiding ALL of the files.
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Administrator at 16:48:53 on 2011-08-25
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.242 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Fi... Read more

A:The system process 'C:\WINDOWS\System32\services.exe' terminated unexpectedly with status code -1073740972.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/417821 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 76.4

 Hi,
My AVG keeps detecting the Generic32.CEMU, Generic.ZCS and Luhe.Sirefef.A trojans in the following folders and I cannot delete them:
"";"Trojaner: Generic32.CEMU, c:\Windows\Installer\{e9e4ec2d-7531-de3c-8f90-648a9c78d006}\U\[email protected]";"Infiziert"
"";"Trojaner: Generic31.ZCS, c:\Windows\Installer\{e9e4ec2d-7531-de3c-8f90-648a9c78d006}\U\[email protected]";"Infiziert"
"";"Luhe.Sirefef.A gefunden, c:\Windows\Installer\{e9e4ec2d-7531-de3c-8f90-648a9c78d006}\U\[email protected]";"Infiziert"
They seem to have infected the services.exe and I cannot remove this with AVG.
I'm not a PC illiterate but it isn't my mothertongue either... I would be very grateful for every help.

 
 
Here I have the DDS and MBAM logs:
Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org
Datenbank Version: v2013.05.28.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Scede :: SCEDE-PC [Administrator]
28.05.2013 22:39:58
mbam-log-2013-05-28 (22-39-58).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 268105
Laufzeit: 3 Minute, 25 Sekunde
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(K... Read more

A:Windows 64 /Patched.a in c:\Windows\system32\services.exe

Hello Scede,

Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

   Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  I will be analyzing your log. I will get back to you with instructions.  Do you have a USB Flash Drive you can use?

Read other 3 answers
RELEVANCY SCORE 76

Hello:
Every time I click to open Windows Live Mail 2012, I am getting the following message in the middle of the screen.
---------------------------------------------------------------
There was an error when attempting to connect to the Windows Live Calendar service. If the error persists, check to see if there is an upgrade of Windows Live Mail available or contact a service representative.
----------------------------------------------------------------------------
Since I never use WLM 2012 Calendar, the message is nothing important to me.

How to get rid of the message above correctly?

Thanks for your help in advance.
 

Read other answers
RELEVANCY SCORE 76

problem signature:
Problem Event Name: APPCRASH
Application Name: svchost.exe
Application Version: 6.1.7600.16385
Application Timestamp: 4a5bc3c1
Fault Module Name: StackHash_b4ee
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Code: c00000fd
Exception Offset: 0000000000000000
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033
Additional Information 1: b4ee
Additional Information 2: b4ee5de6a2322745523997a782b35692
Additional Information 3: 277e
Additional Information 4: 277e19c30fbd5f6bb531ec9e027c37c3

Read our privacy statement online:
Windows 7 Privacy Statement - Microsoft Windows

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

A:How do i fix the message error Host Process for Windows Services

its could be one of a few things.

When vista came out a lot of people had the issue due to software that wasnt fully compatible/up to date.

Others have had the issue with ATI Control catalyst if you have an ATI card, update the software and drivers.

last but not least it could be dodgy ram, so do some memory tests.

Read other 1 answers