Multiple services stop spontaneously in XP Pro

trusnock asked
Last Modified: 2012-05-10
We have a Windows XP SP3 PC where about eighteen services suddenly stop after several hours of running.  There are no error messages or Event log entries around the time of the failure to give us any clues as to the cause.

I saw this problem 3 or 4 years ago in Windows XP Pro on a few unrelated machines, and only reinstalling the OS solved it back then.  I'm hoping someone can help with a more elegant solution this time because this particular PC acts as the server at our client's office and has software installed that we're not 100% sure how to reinstall.

Here are the services that stop each time:

Automatic Updates
Computer Browser
Cryptographic Services
DHCP Client
Distributed Link Tracking Client
Error Reporting Service
Help and Support
Logical Disk Manager
Secondary Logon
Security Center
Server
Shell Hardware Detection
System Restore Service
Task Scheduler
Windows Audio
Windows Firewall/Internet Connection Sharing
Wireless Zero Configuration
Workstation


So far, we have tried the following:

1. Uninstalled McAfee antivirus, which had been giving us problems since we installed it three weeks ago.  Ran the McAfee remover to completely clean it up

2. Ran CHKDSK on the drive

3. Ran a safe-mode scan with Super Anti Spyware and Malware Bytes

4. Rolled Windows back to a restore point from 3 or 4 days before the problem arose

5. Ran sfc /scannow (it scanned for 20 minutes then closed without saying anything)

We're ready to try a Windows repair install, but I'd love to get some ideas to actually track down this problem before we just try to blast it away.  This is an especially frustrating problem because I just don't see anywhere to get any clues (no registry entries, no error messages, no crashdump, etc.).

Thanks for any advice you can offer...

-Tom
Dhiraj MuthaLevel D

Commented:
Can you post the Event Logs?

Author

Commented:
The Event log seems to be working fine.  It logs plenty of mundane stuff throughout the day, but there are no entries that seem related to this problem within a couple of hours before or after the services stop.

There were a dozen or so updates three weeks ago... Maybe we'll try uninstalling those.

The NIC is a good suggestion... I'll see if we can get a spare sent out there in time.

Thanks for the suggestions.
Dhiraj MuthaLevel D

Commented:
Run this command... Go to Start > Run and type 'sfc /scannow'. Note that you should have a Windows XP CD available with you.

Author

Commented:
pspqlb: As per #5 in my original post, we already tried that.
-Tom

Author

Commented:
Slouzer: Nothing was out-of-place in the scheduled tasks

jasbosis: Here is the HijackThis log...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:39:48 AM, on 11/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\AcadiaBackup\aua\bin\AuaObm.exe
C:\Program Files\AcadiaBackup\bin\Scheduler.exe
C:\Program Files\AcadiaBackup\aua\jvm\bin\AuaObmJW.exe
C:\Program Files\AcadiaBackup\jvm\bin\bschJW.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AcadiaBackup\bin\SystemTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Uniblue\WinBackup 2.0\wbjob.exe
C:\Program Files\Uniblue\WinBackup 2.0\wbcdws.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\PingPlotter Pro\PingPlotter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\IT\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [OBSystemTray] "C:\Program Files\AcadiaBackup\bin\SystemTray.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQ"&"inst=NwA3AC0ANAAyADgANwA3ADcAOQAxADgALQBUADEALQBVADgANQArADEALQBCAEEAKwAxAC0AWABMACsAMQAtAFUAQwBBAEwATA"&"prod=90"&"ver=9.0.856
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [OBSystemTray] "C:\Program Files\AcadiaBackup\bin\SystemTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OBSystemTray] "C:\Program Files\AcadiaBackup\bin\SystemTray.exe" (User 'Default user')
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229628831093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229628821765
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC11DBFC-DBD6-49D7-AA22-1EC0259F9E5C}: NameServer = 192.168.1.1
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee SiteAdvisor Enterprise Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe (file missing)
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (file missing)
O23 - Service: AutoUpdateAgent (AcadiaBackup) (OBAutoUpdate) - Unknown owner - C:\Program Files\AcadiaBackup\aua\bin\AuaObm.exe
O23 - Service: Online Backup Scheduler (Ahsay Online Backup Manager) (OBScheduler) - Unknown owner - C:\Program Files\AcadiaBackup\bin\Scheduler.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB17 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: McAfee Peer Distribution Service (RumorServer) - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (file missing)
O23 - Service: IPSentry Service Manager (srvipsen) (SRVIPSEN) -  RGE, Inc. - C:\Program Files\RGE INC\IPSentry\srvipsen.exe
O23 - Service: WinBackup Scheduler (WinBackupScheduler) - Uniblue Systems - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe

--
End of file - 9096 bytes
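
The log above contains several entries whose target no longer exists ("(file missing)", "(no file)"), including McAfee services still registered after the uninstall described in the question. The following Python is an added example, not part of the original post: it pulls such entries out of a HijackThis v2 log. The function names are hypothetical, and the sample lines are an excerpt copied from the log above.

```python
import re

# Excerpt of the HijackThis v2.0.4 log above (lines copied from the post).
SAMPLE = r"""
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee SiteAdvisor Enterprise Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe (file missing)
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")   # e.g. "O23 - Service: ..."
GONE = ("(file missing)", "(no file)")        # HijackThis markers for an absent target

def parse(log):
    """Yield (section_code, body) per entry; header and process-list lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def orphaned(log):
    """Every entry, in any section, whose target file no longer exists."""
    return [(code, body) for code, body in parse(log) if body.endswith(GONE)]

def orphaned_services(log):
    """O23 entries still registered as services although the binary is missing."""
    found = []
    for code, body in parse(log):
        if code != "O23" or not body.startswith("Service: "):
            continue
        # Split from the right: display names may themselves contain " - ".
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) != 3 or not parts[2].endswith("(file missing)"):
            continue
        name, owner, path = (p.strip() for p in parts)
        found.append({"name": name, "owner": owner,
                      "path": path[: -len("(file missing)")].rstrip()})
    return found

if __name__ == "__main__":
    for code, body in orphaned(SAMPLE):
        print(code, body)
    for svc in orphaned_services(SAMPLE):
        print("orphaned service:", svc["name"], "->", svc["path"])
```
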

Commented:
Well, assuming your scans ran and didn't find anything, I would rule out a virus of sorts and look into other issues. I will continue to look into your issue.

Author

Commented:
Well, we attempted to run a Windows Repair Install, but I guess the media wasn't an exact match for the installation because it didn't offer the repair install option.  We accidentally started a regular installation as a result, and it started to install Windows in a new C:\WINDOWS.1 folder (and it presumably started to overwrite common files in the "C:\Program Files" folder too).

Whatever got overwritten in this partial parallel installation of Windows seems to have fixed the problem!  I don't recommend this as a solution, and I can't tell you exactly where in the installation process we cancelled it, but we don't seem to have suffered any side effects except for a corrupted IE installation (which a fresh download and install fixed).

If this happens again, we'll definitely try to get our hands on the right XP install CD so we can do a proper repair install... But for now this seems to have done the trick.

-Tom

Author

Commented:
Any suggestions for awarding points?  In the end, we solved the problem (however accidentally) ourselves, but pspglb managed to find a 5-year-old post about exactly the same problem, which I hadn't found myself.  And others made good suggestions.

Thanks everyone for your help.

-Tom

Commented:
I would say split the points among all those who offered assistance.
Dhiraj MuthaLevel D

Commented:
Thanks a lot, good to know that my suggestion helped out a bit. I agree with Jasbosis.

Author

Commented:
I ultimately solved the problem with my own initial suggestion, but several people offered good advice and even found links to another discussion of an identical problem that I had not discovered myself.  So I'm awarding equal points to everyone who chimed in.  Thanks.