Page 1 of 2 12 LastLast
Results 1 to 10 of 17
  1. #1
    Member
    Join Date
    Jun 2007
    Posts
    16
    Points
    0

    Default Services and Controller app system shutdown nightmare!!

    ive been on a few forums asking for help and no1 seems to want to lend a hand! I need my computer to do my uni work and its being a nightmare!

    im running windows xp, when i turn on my computer it comes with this

    "Services and Controller app has encountered a problem and needs to close"

    if i press send error report or just leave it eventually another box comes up saying i have 60seconds before the system restarts, it counts down and then does not restart, usually just freezes by taskbar or sometimes lets me carry on.

    it will do this several times in a row, resulting in me havin2 keep restarting until i can use my comp. if i use the 'shutdown /a' command it tends to allow me to work 4 a short while but then freeze up again.

    Other problems im experiencing (when i can actually use the computer after the shutdown countdown) are it wont let me use internet explorer, it will let me open it and browse for random amounts of time and then say it has experienced an error and needs to close, and then closes itself, and the same exact thing happens with my msn messenger live, both wer working fine not long ago, and i cant restore to an earlier point that doesnt work.

    SO what ive done so far:

    Been through ur list in help section,

    updated my AVG and scanned, Scanned using panda active scan and trend micro scan, scanned using spybot search and destroy, scanned with registry mechanic and reg cure, and scanned with McAfee stinger. Some have found a few things and removed them, but they have not made a difference...

    I started it up in safe mode when it would not allow me to start it in normal mode and it did not pop up at the begining.


    My hijack this log:

  2. #2
    Member
    Join Date
    Jun 2007
    Posts
    16
    Points
    0

    Default

    Logfile of HijackThis v1.99.1
    Scan saved at 17:12:45, on 20/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
    C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe
    C:\Program Files\Opera\Opera.exe
    C:\Documents and Settings\Palethorpe\My Documents\My Pictures\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

  3. #3
    Member
    Join Date
    Jun 2007
    Posts
    16
    Points
    0

    Default

    ok thats all of it, pleasssssse can someone find a problem and help me fix it! its driving me INSANE! If ive missed anything out sorry! just tell me what else u need to know guys! work some magic please! =(

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    HI

    Quote Originally Posted by palethorpe
    ive been on a few forums asking for help and no1 seems to want to lend a hand!
    I'm sure it more like they can't not that they wont

    I believe The error is caused by a domain refresh problem...

    When you get the error, click details & post what it says ...

    I need to know the Faulting application & faulting module

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  5. #5
    Member
    Join Date
    Jun 2007
    Posts
    16
    Points
    0

    Default

    steamwiz, Typical as anything, the error message is not coming up on restart now, and hasnt the last 5/6 times ive restarted, nothin. But it did this last week and i thought that id gotten rid of it then too, and it came back. Any way of getting that info without the actually error coming up? or is it just a case of waiting around til it happens again?

  6. #6
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    HI

    This is the clue in your post ...

    "I need my computer to do my uni work"

    when you are at the uni, do you log onto a domain ? ... I think yes...

    So when your computer starts, it looks for the domain servers... if you are logged on the domain at the uni ... NO problem.

    but if you take the computer home, then then try to connect to your local ISP ... the computer still looks for the domain servers, & throws up the problem you are having..

    Have you been back to the uni, logged on to the domain, then logged Off the domain ...

    I think the problem occurs when you forget to log off the domain before bringing your computer home...

    If you check the event logs for the time you were getting the errors, you should find the details of the error...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  7. #7
    Member
    Join Date
    Jun 2007
    Posts
    16
    Points
    0

    Default

    the problem actually started when i was at uni, and i couldnt fix it, so i brought it home for summer and still cant fix it...

    but at uni i connected to the internet through a network which i had2 log into through the internet.

    anyway, its been working fine all day, and i restarted it just to see if it was still running ok and it came up with the errors again, i managed2 stop it from shutting down and got some screenshots of the error boxes for you to look at, so...




    then i clicked the 'click here' and got



    and then i clicked the next blue text and got



    So thats all the information it will give me from the error boxes, i click send report, it sends the report 2 microsoft and then this box comes up



    and it counts down to 0, dissapears and then just freezes my computer up.

  8. #8
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    I expected the ModName to be : esent.dll ... but it isn't, it's services.exe the same as the app name ... that's why I wanted to know the details .. otherwise I am guessing...

    There is a rootkit which can be responsible for the Nt Authority\system Shutdown Error Message with status code - 1073741819. let's make sure this is not what you have...

    Download AVG Anti-Rootkit and save to your desktop

    http://free.grisoft.com/softw/70free...p-1.1.0.42.exe

    1. Double click avgarkt-setup-1.1.0.42.exe to install. By default it will install to C:\Program Files\GRISOFT\AVG Anti-Rootkit.
    2. Accept the license and follow the prompts to install.
    3. You will be asked to reboot to finish the installation so click "Finish".
    4. After rebooting, double-click the icon for AVG Anti-Rootkit on your desktop.
    5. You will see a window with four buttons at the bottom.
    6. Click "Search For Rootkits" and the scan will begin.
    7. You will see the progress bar moving from left to right. The scan will take some so be patient and let it finish.
    8. When the scan has finished, a small window will open so you can view the results.
    9. Right click and select "Save Result To File".
    10. By default the file will be saved with a .csv extension. (You can use notepad to open the .cvs file). Copy and paste the results in your next reply.
    11. If anything was found, click "Remove selected items"
    12. If nothing was found, please click the "Perform in-depth Search" saving anything found to file as before.

    Then download rootchk.exe to your desktop:

    http://www.uploads.ejvindh.net/rootchk.exe

    1. Double-click on rootchk.exe to run the program.
    2. A command prompt window will open as the scan begins and then close.
    3. When the scan is completed, a logfile named rootlog.txt will open and be saved to the root directory usually C:\.
    4. Copy and paste the contents of the log into your next reply.

    Note: To avoid false positives, please disable any active protection like realtime scanners or firewalls which may interfere. Re-enable them when done.
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  9. #9
    Member
    Join Date
    Jun 2007
    Posts
    16
    Points
    0

    Default

    ok, the AVG thingy didnt come up with anything at all on either scan, and neither did the rootchk but heres the log for that



    ********************************* ROOTCHK-(21-06-07)-LOG, by ejvindh
    21/06/2007 23:14:01.87

    Driver xpdx (hidden) is present. Run RUSTBFIX by Ejvindh, COMBOFIX by sUBs or SDFIX by AndyManchesta.

    ********************************* ROOTCHK-LOG-end


    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-21 23:14:02
    Windows 5.1.2600 Service Pack 2
    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    hidden processes: 0
    hidden services: 0
    hidden files: 0

  10. #10
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    HI

    ROOTCHK found a Troj/Rustok-B Rootkit driver...

    1. Download - rustbfix.exe ...and save it to your desktop.

    http://www.uploads.ejvindh.net/rustbfix.exe

    2. Double click on rustbfix.exe to run the tool.

    3. If a Rustock.b-infection is found, you will be asked to reboot the computer.

    4. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically.

    5. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt).

    Thats probably C:\avenger.txt & C:\rustbfix\pelog.txt if your main drive is C:\

    post the content of these logfiles

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

Page 1 of 2 12 LastLast