Solved

Services are not running

Posted on 2006-11-21
38
3,946 Views
Last Modified: 2012-05-05
Hi,

I have tried to stop some of remote access services of my computer running on Windows XP pro. I have also installed AVG anti virus and defragmented the C drive.

When I trun on the pc:

A. I get error message that windows defender service failed to start.
    -- I tried to start the service from the dos prompt by typing : run start windefend but nothing happening in dos.

B.  I have noticed that Network DDE, Network DDE DSEM are disabled (can't remember if I have disabled them myself),  Routing and remote access disabled.

C. Looking at the task manager, the CPU usage is 100% ! and some of executable files are running, even when I try to disable them , they appear again (such as windows messaging service).

D. When I go to Services, I can not start, stop or set services anymore...

Any idea or hope so that I can get the operating system works properly?

Thanks in advance  
0
Comment
Question by:shmz
  • 16
  • 7
  • 5
  • +4
38 Comments
 
LVL 66

Expert Comment

by:johnb6767
ID: 17990557
Is the CPU always at 100%? What process is hogging it up?

Also, it should help to have a more robust process Manager, like Process Explorer.

Process Explorer for Windows v10.21
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 17990564
You can extract alot more data from Process Explorer than you can with the task manager.Once you see which process is hogging the CPU, you can double click it and see what thread is utilizing so much of it.
0
 
LVL 30

Expert Comment

by:mtz1of4
ID: 17990618
shmz,

Is this AVG AV the very first AV you have ever had installed on this machine?  How old is this Machine?  Is this a Work machine or your own personal machine?    SP22, correct?

Did you run the AVG scan of virus, yet?  Results?

As john noted above Process Explorer will help us decide what is going on.
0
 

Author Comment

by:shmz
ID: 17991118
AVG is installed for the first time. Machine is about 2 years old IBM G40.
It is both work and personal machine. Anti virus didn't find any virus and scanning was successful.

The CPU usage is 100% when I open task manager all the time since I am having this problem, however when I tried to log in as Administrator only without any password, in the safe mode, I could login and the CPU usage was not 100% anymore.

I installed Process Ecxplorer and I could kill some of the processes which where related to a software application I use at work (not running on the network) I could successfully kill these processes and now CPU usage is down to 0% .

AVG anti virus in the status bar shows: E-mail Scanner is not fully functional.

I still can not start a disabled service such as Network DDE, Network DDE DSEM. Start is blured. When I tried to start a random service, in Manual state, it gave me the error message, Error 1053: the service did not respond to start or control request in a timely fashion.

whe I started the machine, I got error message: Application failed to initialized: 0800106ba. Aproblem caused windows defender service to stop.
0
 

Author Comment

by:shmz
ID: 17991132
forogt to mention that my network connection settings have all gone.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 17991156
I would create a new user account and retest in regular mode. Sicne Safe mode allowed the problem to disappear, it indicates it is either a service failing (most services dont ruin in safe mode), but just for giggles, if you can create a new user and see  if the problems still persist, that will assist us in tracking this little guy down....
0
 

Author Comment

by:shmz
ID: 17991161
I tried to uninstall this application but add and remove screen doesn't do anything.
0
 

Author Comment

by:shmz
ID: 17991185
I have done testing above using current user account in regualr mode. should I create a new user account?
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 17991310
What application was it you were trying to remove? If it doesnt require the MS Installer Service, you might be able to uninstall in safe mode.....Was it the Windows Defender you are trying to uninstall?
If so, that requires the Installer Service to run.

I would try and create a new user (admin level), and see how it behaves....
0
 
LVL 4

Expert Comment

by:Drizzt420
ID: 17991749
when you open task manager, what is the exact name of the service taking up 100% processor time?

Have you tried going to start, run,  and typing "msconfig", then hitting enter? This will bring up the system configuration utility, one of the last tabs, if not the last tab, is labeled "startup". see how many and what programs are configured to automatically start with the system. Personally, I uncheck everything but VPTray (which is my antivirus).

Developers increasingly seem to think they must design all of their software so that it autostarts with the system, After all, I might forget to open up Quicktime when I next had the need to watch a  .mov file, surely I would be forever stuck just  staring at the screen wondering why the file wasn't playing if it wasn't for the selflessness of the quicktime crew, willing to go that extra mile to uselessly waste some more of my systems resources.

Sorry about the rant, but having a lot of non critical, auto-running programs can slow your machine way down, among other things.
0
 

Author Comment

by:shmz
ID: 17992282
I was trying to uninstall somedeveloperappXXX application but Installer Service was disabled too!
So I just renamed the dll. The problem with CPU usage is solved by renaming the offensive somedeveloperappXXX.dll to somedeveloperappXXX_old.dll, and CPU usage is 0% when idle.

The problem I have is: Some of the services are disabled and I need to start them but I have the following problems:

A.      If service status is anything other than disabled, I can click on Start and Service control box comes up but at the end I get error message: Error 1053: the service did not respond to start or control request in a timely fashion.

B.     If service status is disabled, Start option from the menu is blured. click on properties, nothing happens.

When I go to Administrative Tools/Services, the status of services below is disabled:

Alerter
Network DDE
Network DDE DSDM
Remote Procedure Call(RPC) Locator
Routing and Remote Access
SSDP Discovery Service
Symantic Network Drivers Service
Tuneup WinStyler Theme Service
Universal plug and play device host

I think the problem is related to the fact that some services have dependency services that do not start until their dependency services start first.

John,
Network setting dosn't exist so I can not add new account, error message is that you don't have trusted relation with the domain , I have put the current users in the group.administrators but I am not sure if it is the same as user.administrator?
But I definately do get diferent performances when I log in to my work account and personal account. In my personal account I can't even get the start menu work properly.

0
 

Author Comment

by:shmz
ID: 17992295
Should I do the followings:

-Start Registry Editor (Regedit.exe).
-Locate the ObjectName value in the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceName
-On the Edit menu, click Modify.
-In the Value Data box, type localsystem, and then click OK.
-Quit Registry Editor.
0
 

Author Comment

by:shmz
ID: 17992324
Riiiiight!...Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services,
I can see all the services and there is Hex value for setting the Data column for start to Automatic, Manual, disabled....

I won't touch them until someone approve and tell me what to do.
0
 
LVL 6

Expert Comment

by:bgbeer
ID: 17992866
hi shmz,

my opinion is to run hijack this andpost your findings here so that we know exactly what is running in the background.


also it's unclear if you want to get rid of bit defender or repair it.

either way hjt will give us a lead in which way to help you.
0
 
LVL 22

Expert Comment

by:orangutang
ID: 17993430
Maybe try the "Last Known Configuration" thing.
0
 
LVL 4

Expert Comment

by:Drizzt420
ID: 17993439
Check out the properties of these services that you are having trouble with. Look at the "Log On" tab and see what username they are running under, if they are using: "NT AUTHORITY\SYSTEM" then this could be part of your problem since that is a domain based account. This would also explain why you don't have all of these problems while logged into your work account. If any of the services in question are logging on using the NT AUTHORITY\SYSTEM account, try changing it so that it uses the local system account and do a reboot.



0
 
LVL 30

Expert Comment

by:mtz1of4
ID: 17995459
shmz,

I am confused.  Is this a work computer (owned by someone you work for) or is it your own personal computer that you use for Your work (either for the company that you own or for the company that you work for)?

If this machine is owned by someone other than your self, I would notify them so they could get their IT people working on it so you don't break it further.  It is possible that they have locked down this machine so the end user can't inadvertently install something that shouldn't be there.  Looking over some of your notes also sounds like somedeveloperappXXX.dll has been written very badly.

If this is your machine and you can not log in as Administrator, you have other issues.

The reason I asked about AVG being the first AV ever installed is that it sure sounds to me like you have either a Virus or at the very least, some very bad malware.  

I'm with bgbeer for the hijackthis log.
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 

Author Comment

by:shmz
ID: 17998745
I just answer some of the questions in order to create less confusion.

The last known configuration didn't help at all.

I am very sure the problem is not related to hijacking.

This is my personal computer that I also use at work and a funny administrator which is not gonne be around for the next 5 days has caused all these issues, I can not even reset the password for admin on my machine.

--------------------------------------------------------------------------------

One of the changes I made to the 'Net Logon' service is:
Under properties--Logon tab
There are two radio buttons to logon as: 'local system account' and 'this account'.
The local system account was selected and there was user name and password.
I did change the selection to 'this account' and most probabely this is the cause of the problem. (I made the changes when I was logged on to my personal account). I won't explain why I did it now.

I think if I can find a way of changing it back to 'local system account' then I can start working.

* Again the problem is I can not access the properties of a service from administrative tool/service any more, is there a script somewhere else I  can view and change? *
--------------------------------------------------------------------------------


0
 

Author Comment

by:shmz
ID: 17998949
just to ensure, where can I get the hijack software?
0
 
LVL 30

Accepted Solution

by:
mtz1of4 earned 500 total points
ID: 17998990
* Again the problem is I can not access the properties of a service from administrative tool/service any more, is there a script somewhere else I  can view and change? *

I don't know of any.  

Sounds like either the funny Administrator account needs to settle this or reformatting and reinstalling the OS will fix it.

What I would attempt is actually running Msconfig and try setting the Startup to Normal or Full and starting over.  It sounds like you have done so many different attempts at circumventing something that we can't really help you out without seeing it with our own eyes.


Keep in mind, CPU usage is always 100% - This is normal especially if System Idle holds the most % most of the time.  Now if you can give us something besides System Idle that holds more than 10% for any period of time then we can discuss more options also.

If you would run HijackThis and post us a log, then we MIGHT be able to pinpoint a Process or Service that is eating you up.

If you let this Admin control your machine, you should have a password for some admin account.  Do you? If this Admin locked down your machine, you should have the right to get a message to him for his password.  This is your machine, not his/hers, correct?

Did you uninstall the last AV program before installing AVG?
0
 

Author Comment

by:shmz
ID: 17999002
To let you know I have run AVG, AD Aware and Spy bot when everything was working fine and computer must be clean from any virus. I try to install 'hijack this' as well and run it.

*but I appreciate if you give me some direction on changing the logon as to local system account.*
0
 

Author Comment

by:shmz
ID: 17999035
Yes the last AV was uninstalled before installing the new one. let me get hijcack this and get back to you.
0
 
LVL 30

Expert Comment

by:mtz1of4
ID: 17999067
http://www.spywareinfo.com/~merijn/programs.php for hijackthis

Drizzt420,
*but I appreciate if you give me some direction on changing the logon as to local system account.*
0
 

Author Comment

by:shmz
ID: 17999284
mtz1of4
Do you have an email address so that I can post you the log file rather than posting it here?

I have tested the log file on http://www.hijackthis.de and the only items that were marked as 'unknown' are:

-  C:\Program Files\Seagate Software\WCS\WebCompServer.exe
-  C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
-  O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
-  O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://sauron/CFIDE/classes/CFJava.cab
-  O23 - Service: OracleDBConsoleorcl - Unknown owner - C:\oracle\product\10.1.0\Db_3\bin\nmesrvc.exe (file missing)
-  O23 - Service: Seagate Page Server (pageserver) - Unknown owner - C:\Program Files\Seagate Software\WCS\pageserver.exe" -service -cache -deleteCache (file missing)
-    O23 - Service: Seagate Web Component Server (WebCompServer) - Unknown owner - C:\Program Files\Seagate Software\WCS\WebCompServer.exe" -service (file missing)  

and this one is 'possibly nasty':

-  C:\WINDOWS\system32\DrvMon.exe

------------------------------------------------------------
ps. I have asked funny admin to give me his password yesterday. I will be very surprised if he does.
0
 

Author Comment

by:shmz
ID: 18000705
Under C drive I have a folder called: 5141aad05d61c4c599b443759e3e4720
and subfolders: download, ip, new and many files like: ahui.exe,.... and access is denied to all of them.
Had never seen it before!

.....I assume I should slowly give up and get ready to reinstall the OS....*Help*
0
 
LVL 4

Expert Comment

by:Drizzt420
ID: 18001172
Why can you not access the properties of a service anymore? What error do you get?

Can you go to start, run, type mmc, hit enter, and load up the services snap-in from there and access it?

What about in safe mode or while logged into your work account? I'm not sure, but If I remember correctly it does not matter what account you are logged in as when you make the service logon change, the setting will effect all users. Just click the first radio button on the logon tab of the services properties page to switch back to local system account
0
 
LVL 13

Expert Comment

by:drypz
ID: 18001989
Try to run SFC /SCANNOW in command prompt to refresh your dll files. Or maybe you will need to repair your windows installation.
0
 

Author Comment

by:shmz
ID: 18004466
Drizzt420
I can see the list of services but:

A.      If service status is anything other than disabled, I can click on Start and Service control box comes up but at the end I get error message: Error 1053: the service did not respond to start or control request in a timely fashion.

B.     If service status is disabled, Start option from the menu is blured. click on properties, nothing happens.

----------------------------------------------------------
drypz
I tried the SFC/ SCANNOW , windows file protection box comes up but nothing happens.
0
 

Author Comment

by:shmz
ID: 18004473
Drizzt420
A and B above
Same story with the properties, I click on properties but no properties box comes up, is there any dos command that does the same job?
0
 

Author Comment

by:shmz
ID: 18022287
reinstalled OS.
0
 
LVL 30

Expert Comment

by:mtz1of4
ID: 18025918
Unfortunately, that is an option that usually works.  Now if you give YOUR computer to your IT guy (or funny Admin) as we've come to know him, make sure YOU set the Admin Password on this computer and make sure He doesn't change it.

Keep in mind that if you set up a new Admin Account and password protect it, Windows has a default Admin account that will then only show up in Safe Mode and the password for that account is blank by default so be sure to go in to Safe Mode and set one there also so that if you loose this laptop or if someone else gets there hands on it they can't quickly damage your system.
0
 
LVL 4

Expert Comment

by:Drizzt420
ID: 18027276
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 18034636
"Windows has a default Admin account that will then only show up in Safe Mode and the password for that account is blank by default"

That is a correct statement for XP Home, but not Pro. You can log in with Administrator in regular mode as well....CTRL+ALT+DEL to get a classic logon box........
0
 
LVL 30

Expert Comment

by:mtz1of4
ID: 18194678
LeeTutor,
Why would you refund points?  He reinstalled the OS which is what I told him would fix it on 11/22.
0
 
LVL 30

Expert Comment

by:mtz1of4
ID: 18196850
Thanks, Lee.
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Disclosure: Use this tutorial only when no other options helps to get Windows XP running without any problems and you don't want to format the drive. The back up of the data is the responsible of the user, however there is a description of how t…
If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now