0

I was using my computer the other day for regualar internet usage... when i kept on getting the Dont Send or Send error report.... so i decied i would restart my computer.

When it was loging on to windows... a error comes up saying Service.exe has caused an error hit OK to terminate the program, so i hit ok and says it again and hit ok again and just goes away and im stuck at a black screen. with my mouse frozen. If i just leave the computer sits there it restarts. (repeted over and over)

I had a previous install of XP on my other drive that hasnt been activated and is passed the 30 days... so all I get right now is the window to activate.. but i saw a link to the windows "something" website so i can get at Windows Explore and all the contents of both drives. just no start button or desktop items.

I also ran AVG and Ad-aware... deleted all the stuff it detected and still doesnt work

EDIT: also booted in safe mode... debug mode.. and all the options there is..


HighJack This log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\oobe\msoobe.exe
C:\WINNT\srvany.exe
E:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
F3 - REG:win.ini: run=
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\System32\advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\TEMP\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [WMC_1] RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection RegSection 128 C:\WINDOWS\inf\MPCD10.inf
O4 - HKLM\..\RunOnce: [WMC_2] C:\WINDOWS\System32\regsvr32.exe /s "C:\Progra~1\MsnMusic\4125030\msnmusax.ocx"
O4 - HKLM\..\RunOnce: [WMC_3] C:\WINDOWS\System32\regsvr32.exe /s "C:\Progra~1\MsnMusic\4125030\MsnWmpPl.dll"
O4 - HKLM\..\RunOnce: [WMC_4] C:\Progra~1\MsnMusic\4125030\MsnMusic.exe /RegServer
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Reset.lnk = C:\WINDOWS\repair\reset.bat
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows - Unknown - C:\WINNT\srvany.exe

Im not sure if HighJack this did the right drive.... because the E drive is the one i cant even get on... and the C is the one im on but havent activated. I saved Highjackthis in the E drive but it might have ran a check on the C.... i want it to do it on the E.

3
Contributors
10
Replies
11
Views
12 Years
Discussion Span
Last Post by jaycckan
0

Open the following file in Windows Notepad and Cut-n-Paste the contents of the file here please:

C:\WINDOWS\repair\reset.bat

0

@echo off
Rem: Brought to you by: By the best, The only
Rem: people that did it.
Rem: AngelDeath, Epyx, Slanchoca, DopeWeasel, Meph.
Rem: The now Famous 5.

batch.cmd
inuse.exe security %systemroot%\system32\config\security /y >nul


That is from the C and not the infected E drive...... (the e didnt have it)

0

1. Oh great, that's what I thought it would be.... The file is a hack/crack which is designed to replace/modify the Security hive of your Registry. :mad:

This is not a Good Thing, but the repair is a bit complicated; lets' hold off on that for a minute.


2.

i saw a link to the windows "something" website so i can get at Windows Explore and all the contents of both drives

If your system was "frozen", how were you able to get this far? Tell us what the "something" was; being as specific as possible will allow us to help you more quickly.


3.

Im not sure if HighJack this did the right drive.... because the E drive is the one i cant even get on... and the C is the one im on but havent activated. I saved Highjackthis in the E drive but it might have ran a check on the C.... i want it to do it on the E.

HijackThis' job is to analyze/fix your currectly-active Windows environment. Because of that, HJT always runs its scans on the operating system that the computer is booted into; you cannot have it analyze the Windows installation on your E: drive unless you are booted into that installation.

0

2. If your system was "frozen", how were you able to get this far? Tell us what the "something" was; being as specific as possible will allow us to help you more quickly.

I installed Windows XP on my 20 gb drive, but i didnt activate it with a key, so i had 30 days to use it untill i activated it. I didnt activate because i wanted to back-up my 60gb that had files on it to the 20gb and then install XP with activation on the 60gb drive i have.. So when i installed XP on my 60gb i still had my previous install of XP on my 20gb that was far over the 30 day trail period. (as of now). So when my 60gb had the problems happening to it (service.exe) i decied i would go on the 20gb and run Anti-virus on the 60gb. But like i said before my trail period was long gone... so when i logged into the 20gb with the old install... only gave me a window to activate windows in. So i couldnt see any Start button or desktop items just one window for activation. So i didnt want to waste a key to just activate, i looked around in the fine print and it said "Microsoft activation assistant web site" linked to that site... so i clicked it which popped up a web browser or Windows Explore so now i could access all of my drives and programs. But with no start bar or desktop items.

So then i ran a anti virus on the 60gb drive to check for viruses, there was none. I also ran ad-aware and deleted all the files it found and it never did anything. I ran HijackThis but i ran it while on the 20gb since i cant even get into the 60gb.


What Happens on the 60gb at start up:
I turn on the computer and it auto detects all the drives and such goes through boot.. brings up the Windows XP home edition boot screen and since i only have one account with no password it just logs into windows for me. But just about when i can see my desktop and such an error message comes up saying "service.exe has caused an error click ok to terminate" so i do and it goes away and the computer goes no further....

0

Can you boot fully into the Windows installation on the 60G drive in Safe Mode? (You get to the safe mode boot option by hitting the F8 key as your computer is starting up).

0

im having the same problem. can you please advise if this issue has been resolved already and how it was resolved, thanks so much.

0

Hi jaycckan,

First of all- welcome to DaniWeb :)

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please give us as much specific info as possible regarding the problem (exact error messages, system specs, troubleshooting steps you've already tried, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_policies

Thanks for understanding.

0

thanks for advise. i already posted a new thread, hope you can help.

thanks,
:rolleyes: jaycckan

Hi jaycckan,

First of all- welcome to DaniWeb :)

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please give us as much specific info as possible regarding the problem (exact error messages, system specs, troubleshooting steps you've already tried, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_policies

Thanks for understanding.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.