07-04-2010, 07:23 PM   #1   Warren
Services and Controller app problem followed by crashes

About a month ago I posted a thread asking for help with my computer problem. Now my situation has gotten worse because I searched with Malwarebytes and found a bunch of weird Trojans that AVG also found. I really need help with this so I want to add my original thread for help.

Original Post
--------------------------------------------------------------------------

About 2 weeks ago I visited a site offering free travian cheats. I am pretty sure it was this website (www.squidoo.com/travian_cheats). After I restarted my computer the next day I ended up with an error message saying that Services and Controller App has terminated and that Windows has encountered a critical error and will restart in one minute. My computer then enters a crash loop where I am only able to use my computer after every 5th restart. I suspected a virus so I used Malwarebytes and got this log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3994

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

6/2/2010 6:07:56 PM
mbam-log-2010-06-02 (18-07-56).txt

Scan type: Quick scan
Objects scanned: 111293
Time elapsed: 7 minute(s), 49 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\Users\Sandy\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dlipukopibanov (Trojan.Agent.U) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bqowewucobuhogeh (Trojan.Agent.U) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Sandy\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Sandy\AppData\Local\efepebasuse.dll (Trojan.Agent.U) -> Not selected for removal.
C:\Users\Sandy\AppData\Local\uerect.dll (Trojan.Agent.U) -> Delete on reboot.

I've done about 20 virus checks with AVG, Spybot, and Malwarebytes and they have turned up nothing. I then decided to use HijackThis and ended up with this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:06 PM, on 6/12/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Free TV Bar c3 Toolbar - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Free TV Bar c3 Toolbar - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFree.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Free TV Bar c3 Toolbar - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFree.dll
O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{6D511788-DB7B-47B2-BDE2-0B801743B6C9}
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe

07-04-2010, 07:24 PM   #2   Warren

oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-21-2048999677-3611891957-2375679457-1005\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-2048999677-3611891957-2375679457-1005\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork (User '?')
O4 - S-1-5-21-2048999677-3611891957-2375679457-1005 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.download.com
O15 - Trusted Zone: http://www.glennbeck.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11131 bytes

I feel like banging my computer on a wall and I really don't want to have to reformat the disk (I lost the Vista recovery disk) so can someone please help me?

Can someone please help me? I'm really desperate for a solution.

End of Original Post
--------------------------------------------------------------------------

07-05-2010, 01:36 AM   #3   Neodude112320

Did you try rebooting into safe mode and removing the trojans using anti-malwarebytes?
__________________
Desktop:BitFenix Survivor~Gigabyte GA-P67A-UD3R~ i7 2600K @ 4hz~AMD 6870 1GB~12gb Team Elite DDR3 1333~3xWD In RAID5~W7 Ult
Laptop:Alienware M11x~ i7-2637M 1.7GHz~16GB 1333MHz DDR3~GeForce GT 540M~W7 Ult

07-17-2010, 12:54 PM   #4   Warren


I've used Malwarebytes, and Spybot, but my AV is AVG. Should I try scanning with something else?

07-17-2010, 02:56 PM   #5   iPwn


You could try Comodo AV. Although with the damage done, sounds like a format is the only sensible next step.

Edit: You have a lot of garbage in your startup, as well as your trusted sites
__________________
Me: You'd think as the dominant species we wouldn't be so effing stupid.
J: We're just intelligent enough to be completely effing stupid.

07-17-2010, 04:37 PM   #6   Warren


Now do my trusted sites really matter? But I will try scanning with Comodo AV.

07-17-2010, 07:31 PM   #7   iPwn


No, your trusted sites don't matter, I was just making an observation.

07-29-2010, 11:21 PM   #8   Warren


I'm still having trouble with it and I'm still looking to get it fixed, but for some reason it runs fine when it isn't connected to the net.

07-29-2010, 11:28 PM   #9   iPwn


Looks like you may have been taken over...
In my younger, dumber years, I used to do a lot of IRC piracy and became a member of an underground group that would find PCs with a decent computer connection and remotely use them to steal their bandwidth and hijack the PC. You may have had this happen, and those guys were good at what they did, so I have no clue on how to remove or fix something like this.
Download Comodo Internet Security, save it to a USB drive, then reformat the computer. After reformatting, prior to connecting to the internet install Comodo IS.
Shi**y situation to be in...

07-29-2010, 11:30 PM   #10   Warren


Well I'm only using the computer for email now and I'm using a much better HP touchscreen. I want the files on the computer and the emails so can I transfer them to my new computer without bringing the virus?

Edit - I'm still confused. I've scanned with AVG, Malwarebytes, and Spybot S&D, but they still turn up nothing. A friend of mine who works for Microsoft looked at the computer and was still confused.

Edit Again - Do you think the virus could have altered the registry and reinstalling a lost file might fix the computer?