
MS Services Stopped - Are Some Critical?


7 replies to this topic

#1 LittleGreenDots


Posted 28 December 2014 - 05:51 PM

I'm having issues with my Windows 7 computer.  My wi-fi may have been compromised.  I contacted my provider and they reset my network password and I installed a more complete AV program than I was running.  I'm also having issues with missing tray icons (volume and network) and wonder if any of the stopped services below might be contributing.  Sometimes they're there, then the next time I boot up, they're gone and grayed out.

 

Are there any ESSENTIAL services in this list that should be active?

 

Thanks in advance.

 

Stopped Services:

Application Layer Gateway Service
Application Identity
ASP.NET State Service
ActiveX Installer (AxInstSV)
BitLocker Drive Encryption Service
Background Intelligent Transfer Service
Computer Browser
Bluetooth Support Service
Microsoft .NET Framework NGEN v4.0.30319_X86
Microsoft .NET Framework NGEN v4.0.30319_X64
COM+ System Application
Intel® Content Protection HECI Service
Disk Defragmenter
Wired AutoConfig
Encrypting File System (EFS)
Windows Media Center Receiver Service
Windows Media Center Scheduler Service
FAX
Windows Live Family Safety Service
Google Update Service (gupdate)
Google Update Service (gupdatem)
Human Interface Device Access
Health Key and Certificate Management
Windows CardSpace
Internet Explorer ETW Collector Service
PnP-X IP Bus Enumerator
KtmRm for Distributed Transaction Coordinator
Link-Layer Topology Discovery Mapper
Multimedia Class Scheduler
Mozilla Maintenance Service
Distributed Transaction Coordinator
Microsoft iSCSI Initiator Service
Windows Installer
Network Access Protection Agent
Netlogon
Performance Counter DLL Host
Performance Logs & Alerts
PNRP Machine Name Publication Service
Protected Storage
Quality Windows Audio Video Experience
*Remote Access Auto Connection Manager
*Remote Access Connection Manager
Remote Registry
Remote Procedure Call (RPC) Locator
Smart Card Removal Policy
Windows Backup
Secondary Logon
Adaptive Brightness
Remote Desktop Configuration
SNMP Trap
SPP Notification Service
Secure Socket Tunneling Protocol Service
Microsoft Software Shadow Copy Provider
Telephony
TPM Base Services
Remote Desktop Services
Thread Ordering Server
Windows Modules Installer
Interactive Services Detection
Credential Manager
Virtual Disk
Volume Shadow Copy
Windows Time
Windows Activation Technologies Service
Block Level Backup Engine Service
Windows Biometric Service
Windows Connect Now - Config Registrar
Windows Color System
Diagnostic Service Host (one running, one stopped)
WebClient
Windows Event Collector
Problem Reports and Solutions Control Panel Support
Windows Error Reporting Service
Windows Defender
WinHTTP Web Proxy Auto-Discovery Service
Windows Remote Management (WS-Management)
WMI Performance Adaptor
Parental Controls
WWAN AutoConfig
 


Edited by hamluis, 28 December 2014 - 06:18 PM.
Moved from Win 7 to Am I Infected - Hamluis.
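
One way to triage a list like the one above is by each service's configured start mode rather than by its stopped state alone. This is an added example, not part of the original post or of any tool named in the thread; the display names are copied from the poster's list, the verdict wording is the example's own, and it assumes Windows PowerShell (`Get-WmiObject`), which ships with Windows 7.

```powershell
# Added example (not from the thread). Windows PowerShell 2.0+ (ships with Windows 7).
# Display names are copied from the poster's list; verdict wording is this example's own.
$names = @(
    'Background Intelligent Transfer Service',
    'Windows Defender',
    'Windows Modules Installer',
    'Windows Installer',
    'Volume Shadow Copy',
    'Multimedia Class Scheduler',
    'Remote Registry'
)

function Get-ServiceTriage {
    param([string[]]$DisplayName)
    $all = Get-WmiObject -Class Win32_Service
    foreach ($dn in $DisplayName) {
        $svc = $all | Where-Object { $_.DisplayName -eq $dn } | Select-Object -First 1
        if (-not $svc) {
            $row = @{ DisplayName = $dn; Name = '-'; StartMode = '-'; State = '-'
                      Verdict = 'no service with this display name' }
        } else {
            # StartMode is Auto, Manual or Disabled. A stopped Manual service is
            # normal: it is started on demand. Disabled and Auto-but-stopped
            # deserve a closer look (some Auto services do stop when idle).
            $running = ($svc.State -eq 'Running')
            if     ($svc.StartMode -eq 'Disabled') { $v = 'REVIEW: disabled, cannot start' }
            elseif ($running)                      { $v = 'ok: running' }
            elseif ($svc.StartMode -eq 'Auto')     { $v = 'REVIEW: auto-start but stopped' }
            else                                   { $v = 'normal: manual, starts on demand' }
            $row = @{ DisplayName = $dn; Name = $svc.Name; StartMode = $svc.StartMode
                      State = $svc.State; Verdict = $v }
        }
        New-Object PSObject -Property $row
    }
}

Get-ServiceTriage -DisplayName $names |
    Select-Object DisplayName, Name, StartMode, State, Verdict |
    Format-Table -AutoSize

# Event ID 7040 in the System log records each change of a service's start type
# (for example from auto start to disabled), with a timestamp.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7040 } `
             -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List
```

A REVIEW verdict is a prompt to look at that service, not a finding of infection; the 7040 events show when a start type was changed so it can be matched against software installs or cleanup tools run at that time.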



#2 buddy215

  • Moderator

Posted 28 December 2014 - 07:07 PM

Yes, I think there are some vital services disabled and I see some that malware would disable.

 

Suggest you scan with the two programs below and submit the scan logs back here.

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Hold down Control and click on this link to open ESET OnlineScan in a new window. (Eset can take more than an hour to run so plan accordingly)

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 LittleGreenDots


Posted 30 December 2014 - 07:24 AM

I ran MalwareBytes...nothing.  Eset found something.  This is it:

 

D:\080213\TooLoose\Downloads\libreoffice.exe    a variant of Win32/InstallIQ.A potentially unwanted application    deleted - quarantined

 

My D drive contains my recovery files.  I had some problems with this computer a year ago and had to reformat/reinstall.  I had a computer shop do it and he also stored files and other things.  I was unaware he had done this, so I have to go through them.

 

I use Firefox and when I went to download the Eset scan, I opened IE and got a number of different pop-ups, including some on your site that said you authorized them.  I just started using this computer two weeks ago and haven't seen so many pop-ups.  This was, of course, before I ran the Eset.

 

I am very concerned about the security of this computer.  I had another computer infected recently and had email passwords stolen and attempts to use a credit card I had used on that computer.  The bank stopped the attempts.  Early Sunday morning I noticed that my network icon was running a Windows blue spinning circle and it wouldn't stop, so I called my provider and they reset my network password.  I think someone hacked my wi-fi and am concerned that they installed a backdoor before I changed the password.  Any way to check this?  I have Norton Security Suite as provided by Comcast.  Would examining the firewall log give me any clues?  (I'm not sure I can even do that.)

 

Anything else I should do?



#4 buddy215


Posted 30 December 2014 - 07:55 AM

Let's see if the two programs below can find adware and remove it.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download


  • Download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


#5 LittleGreenDots


Posted 30 December 2014 - 09:21 AM

I ran my Norton and it found this:

Updated: February 7, 2012 5:31:24 PM
Type: Other, Worm
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP

Behavior

SecurityRisk.OrphanInf is a detection for autorun.inf files that no longer refer to a valid file on the compromised computer.

 

I will do these other scans and report back.



#6 quietman7

  • Global Moderator

Posted 30 December 2014 - 09:27 AM

Is this the same computer as here?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 LittleGreenDots


Posted 30 December 2014 - 09:36 AM

No.  That computer is down and I'm going to start working on it.  This is the next computer I booted up after the problems started.  My internet provider changed my network wi-fi password but I suspect that before I detected the suspicious activities (the volume and network icons disappeared from my tray, were grayed out, and I couldn't get them back....they are back now).  The suspicious activity I noticed was the nonstop Windows busy blue circle spinning on my network icon (which I could view inside the list of available icons).  I'm concerned about a possible backdoor on this computer.  I have too many threads going for two separate problems (though I suspect they are related).  Here are all my threads:

 

Computer #1 (down)

http://www.bleepingcomputer.com/forums/t/560433/error-msg-when-i-save-as-with-windows-notepad/
http://www.bleepingcomputer.com/forums/t/560024/stolen-email-passwords-and-various-yahoo-service-issues/


Computer #2 (in use)
http://www.bleepingcomputer.com/forums/t/561462/what-does-this-php-plugin-do/
http://www.bleepingcomputer.com/forums/t/561294/ms-services-stopped-are-some-critical/
http://www.bleepingcomputer.com/forums/t/561215/volume-icon-disappeared-from-tray-cant-restore/

 

Can you help me get this organized so I don't have different BC people working on the same thing?  I'm sorry for all this confusion.


Edited by LittleGreenDots, 30 December 2014 - 09:38 AM.


#8 quietman7


Posted 30 December 2014 - 10:04 AM

One topic per computer while getting assistance with malware removal. Do not start any new topics in other forums, regardless of the issue, until your computers are cleaned.

hamluis already closed the other topic for Computer #1 since you posted a DDS log.

I have closed the other two for Computer #2 since buddy215 is assisting you here...so just continue in this topic and follow his instructions.





