Services.exe Causing Problems - Win32:Malware-gen/Win32:Trojan-gen

I downloaded Avast the other day to assist me in cleaning up my laptop. Everything went well except for the infamous services.exe error. After reading numerous posts on the net about how to “fix” my problem, I figured it only best to outsource my problems to the team who helped clean up everything else!!! Hopefully once I’m over this hump, I’ll be home free!?!

I’ve followed the steps in http://forum.avast.com/index.php?topic=53253.0 and am attaching the appropriate log files…

do you also have the aswMBR log?

No, not yet, because the topic told me not to run it until I post these first. I’m about to do it now. In the meantime, here’s the extras file…

Hi, I see you have ComboFix on the system… Please delete that copy.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (McProxy)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (McNASvc)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (McNaiAnn)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (mcmscsvc)
SRV:64bit: - File not found [Auto | Unknown] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV - [2012/06/14 13:40:08 | 000,828,032 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Users\Dante\AppData\Local\Temp\0182501363885925mcinst.exe -- (0182501363885925mcinstcleanup)
[2012/09/29 18:15:16 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\9enf2adr.default\extensions\rbjqlghgxj@rbjqlghgxj.org.xpi
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
[2013/03/21 23:33:09 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy

:Files
C:\Windows\Installer\{42c209d9-6f64-047c-6a65-ec5986a97d31}
C:\Users\Guest\AppData\Local\{42c209d9-6f64-047c-6a65-ec5986a97d31}

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
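The first part of the OTL fix above deletes service entries that OTL flagged as "File not found": leftover McAfee services whose registry entries still point at binaries that are gone. The following PowerShell is an added example (not part of the thread and not an OTL or Avast tool) that finds such orphaned entries on a live system so you can see them before deciding what to delete. It assumes an elevated 64-bit PowerShell 3.0 or later prompt; the function names Get-ServiceBinaryPath and Get-OrphanedServices are hypothetical names chosen for this example. It is read-only: it prints candidates and removes nothing.

```powershell
# Added example (not from the forum thread): list Windows services whose
# ImagePath points at a binary that no longer exists, i.e. the "File not found"
# entries OTL reported. Run from an elevated PowerShell prompt. Read-only.

$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-ServiceBinaryPath {
    param([string]$ImagePath)
    # ImagePath may be quoted, may carry arguments (e.g. "/McCoreSvc"), and may
    # use \??\, \SystemRoot\ or a bare system32\ prefix. Reduce it to the
    # executable path alone.
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $p = $p -replace '^system32\\', "$env:SystemRoot\system32\"
    if ($p.StartsWith('"')) {
        # Quoted path: take what sits between the first pair of quotes.
        return $p.Split('"')[1]
    }
    # Unquoted path with spaces and arguments: cut at the first .exe/.sys/.dll
    # that is followed by whitespace or end of string.
    if ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { return $Matches[1] }
    return $p
}

function Get-OrphanedServices {
    Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if (-not $props.ImagePath) { return }   # group keys etc. carry no ImagePath
        $bin = Get-ServiceBinaryPath $props.ImagePath
        if (-not (Test-Path -LiteralPath $bin)) {
            [pscustomobject]@{
                Service   = $_.PSChildName
                Start     = $props.Start      # 2 = Auto, 3 = On demand, 4 = Disabled
                ImagePath = $props.ImagePath
                Binary    = $bin
            }
        }
    }
}

Get-OrphanedServices | Format-Table -AutoSize
```

Run on the machine in this thread this should list the McProxy, McODS, McNASvc and similar entries from the fix script. A service that shows up here only because its binary sits on a drive that is currently unmounted is a false positive, so review the list rather than deleting mechanically; if you do decide to remove an entry by hand, `sc.exe delete <ServiceName>` from an elevated prompt does what the `SRV` lines in the OTL fix do.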

OK, I’ll give that a shot. Here’s the other file you requested…

It appears that after carefully following everything you asked me to do, the virus was successfully removed. However, the computer hung on start-up during the automatic reboot while running Combofix. I’m attaching both of the files you requested and will attempt a cold boot now. Hopefully all will be right in my world, and things are back to normal. If not, you’ve got my log files…haha

Let me know the result of the boot please

No good!! The only way to get in is through Safe Mode.

OK could you run OTL scan from safemode please and I will see if I can locate the problem

Use this script

[*]Select All Users
[*]Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

Ok thanks. Should I click “Run Scan” or “Run Fix”?

run scan

the fix is next…if essexboy finds anything in that log. :wink:

Thanks Pondus. I wasn’t sure because he gave me a script to add to the bottom portion but here’s the file…

no problem…
anyway, essexboy is in bed now so check back tomorrow. :wink:

Okay will do.

It looks as though an ADS has attached itself to the services file after it was cleaned. I will remove that now

< MD5 for: SERVICES.EXE.93A035487F176007 > [2012/09/29 10:18:19 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe.93A035487F176007

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Files
@C:\windows\SysNative\services.exe.93A035487F176007

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
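The custom OTL scan a few posts up hashes the core logon binaries (services.exe, explorer.exe, winlogon.exe, userinit.exe, svchost.exe), and the fix above then removes a file named services.exe.93A035487F176007 sitting beside the real services.exe in the system directory. The PowerShell below is an added example, not from the thread and not an OTL or Avast feature, that does the equivalent checks by hand on a live system: it hashes and signature-checks each core binary, lists any alternate data streams attached to it, and searches the system directories for look-alike files whose name is a core binary name plus an extra extension. It assumes an elevated 64-bit PowerShell 4.0 or later prompt (Get-FileHash needs 4.0; the Windows 7 machine in this thread would need WMF 4 installed). The function names Get-CoreBinaryReport and Get-LookalikeFiles are hypothetical names chosen for this example. Read-only.

```powershell
# Added example (not from the forum thread): hash, signature-check and
# stream-check the core logon binaries, then look for look-alike copies such
# as services.exe.<hex> next to the genuine file. Elevated PS 4.0+, read-only.

$sys32 = Join-Path $env:SystemRoot 'System32'
# Same list OTL was asked to hash; explorer.exe lives in %SystemRoot%, not System32.
$core  = 'services.exe', 'explorer.exe', 'winlogon.exe', 'userinit.exe', 'svchost.exe'

function Get-CoreBinaryReport {
    foreach ($name in $core) {
        $path = Join-Path $sys32 $name
        if (-not (Test-Path -LiteralPath $path)) { $path = Join-Path $env:SystemRoot $name }
        $sig = Get-AuthenticodeSignature -FilePath $path
        # Every NTFS file has the unnamed ':$DATA' stream; anything else is an
        # alternate data stream worth looking at.
        $ads = Get-Item -LiteralPath $path -Stream * -ErrorAction SilentlyContinue |
               Where-Object { $_.Stream -ne ':$DATA' }
        [pscustomobject]@{
            File      = $path
            MD5       = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash
            SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            Signer    = $sig.SignerCertificate.Subject
            SigStatus = $sig.Status          # Valid, NotSigned, HashMismatch, ...
            Streams   = ($ads | ForEach-Object { $_.Stream }) -join ','
        }
    }
}

function Get-LookalikeFiles {
    # Matches e.g. services.exe.93A035487F176007: a real binary name followed
    # by one more extension, in the directories the real binaries live in.
    $pattern = '^(' + (($core | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')\..+$'
    Get-ChildItem -LiteralPath $sys32, $env:SystemRoot -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        Select-Object FullName, Length, LastWriteTime
}

Get-CoreBinaryReport | Format-List
Get-LookalikeFiles   | Format-Table -AutoSize
```

Two caveats when reading the output. Windows system binaries are normally catalog-signed rather than carrying an embedded signature; Get-AuthenticodeSignature consults the catalog on Windows 8 and later, but on Windows 7 it can report NotSigned for a perfectly good file, so treat NotSigned there as "compare the hash" rather than as evidence of tampering. And a look-alike hit is a file name, not a verdict: the MD5 and Microsoft signer reported for services.exe.93A035487F176007 in the log above show such a file can itself be a legitimate Microsoft binary that has been renamed out of the way, so record the hash and signer before anything is deleted, as the OTL log did.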

Here’s the OTL log file and I’m sending the other file OTL created as well. Problem still exists. This time, I’m able to move past the login screen but it hangs while trying to enter Windows.

OK, from safe mode do the following:

Go Start > All Programs > Accessories
Right click Command Prompt and select run as administrator
In the black box type the following :

sfc /scannow

Done. It says “Windows Resource Protection did not find any integrity violations.”

The boot process now fully brings me into Windows and allows me to see the desktop and my icons, but I can’t select any of them because it’s hanging. I’ve waited as long as 30 minutes to see if it allows me to select anything, but nothing.

Do you have any other ideas on what may be causing this?

OK, next we will take the safe-boot system to main Windows; this may be a conflict. Do the following in safe mode and then allow it to boot to normal Windows.

Next we will check for driver conflicts

Step 1: Start MSConfig

Click Start, type msconfig in the Start Search box, and then press ENTER.
If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation.

Step 2: Configure Selective Startup options

1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.

https://dl.dropbox.com/u/73555776/Cleanboot1.JPG

2. Click to clear the Load Startup Items check box.
Note: The Use Original Boot.ini check box is unavailable.

3. Click the Services tab.

https://dl.dropbox.com/u/73555776/cleanboot2.JPG

4. Click to select the Hide All Microsoft Services check box.
5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.

Once back in Windows, does the problem still occur?