Multiple services stop spontaneously in XP Pro

We have a Windows XP SP3 PC where about eighteen services suddenly stop after several hours of running.  There are no error messages or Event log entries around the time of the failure to give us any clues as to the cause.

I saw this problem 3 or 4 years ago in Windows XP Pro on a few unrelated machines, and only reinstalling the OS solved it back then.  I'm hoping someone can help with a more elegant solution this time because this particular PC acts as the server at our client's office and has software installed that we're not 100% sure how to reinstall.

Here are the services that stop each time:

Automatic Updates
Computer Browser
Cryptographic Services
DHCP Client
Distributed Link Tracking Client
Error Reporting Service
Help and Support
Logical Disk Manager
Secondary Logon
Security Center
Shell Hardware Detection
System Restore Service
Task Scheduler
Windows Audio
Windows Firewall/Internet Connection Sharing
Wireless Zero Configuration

So far, we have tried the following:

1. Uninstalled McAfee antivirus, which had been giving us problems since we installed it three weeks ago.  Ran the McAfee remover to completely clean it up

2. Ran CHKDSK on the drive

3. Ran a safe-mode scan with Super Anti Spyware and Malware Bytes

4. Rolled Windows back to a restore point from 3 or 4 days before the problem arose

5. Ran sfc /scannow (it scanned for 20 minutes then closed without saying anything)

We're ready to try a Windows repair install, but I'd love to get some ideas to actually track down this problem before we just try to blast it away.  This is an especially frustrating problem because I just don't see anywhere to get any clues (no registry entries, no error messages, no crashdump, etc.).

Thanks for any advice you can offer...

Who is Participating?

Improve company productivity with a Business Account.Sign Up

osmystatocnyConnect With a Mentor Commented:
Well this seems like a tricky one. Never had this problem before but some of the services are related to netwrok - could it be a network problem? Maybe NIC itself? Have you tried to change it? New NIC can cost you about $20 and it's probably worth trying if you can't afford to reinstall it.

Event log must give you at least information that there is something going on - btw is event log working and recording error fine? Maybe it has started after you install some updates - even though you rolled back I'd looked into it.
Dhiraj MuthaLevel DCommented:
Can you post the Event Logs?
trusnockAuthor Commented:
The Event log seems to be working fine.  It logs plenty of mundane stuff throughout the day, but there are no entries that seem related to this problem within a couple of hours before or after the services stop.

There were a dozen or so updates three weeks ago... Maybe we'll try uninstalling those.

The NIC is a good suggestion... I'll see if we can get a spare sent out there in time.

Thanks for the suggestions.
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Dhiraj MuthaLevel DCommented:
run this command... Go to Start > Run and type 'sfc /scannow'. Note that you have should have a Windows XP CD available with you.
trusnockAuthor Commented:
pspqlb: As per #5 in by original post, we already tried that.
Dhiraj MuthaConnect With a Mentor Level DCommented:
Apologies, i did not read that properly. Have you tried this?
The issue is not with one service, so it is a issue with Windows OS itself. You can run Combofix ( on this system in Safe mode and try your luck, if that also does not resolves the issue the best would be to try repair the OS.
Dr. KlahnConnect With a Mentor Principal Software EngineerCommented:
Before going further, I would back up the drive.  Then I would take the drive to another system, connect it to the secondary controller, and run a couple of the online virus scanners against it.  I would also check for rootkits.




Agree with your comments on McAfee.  I have also found Norton to be problematic.  AVG seems reliable, in my experience.
orangutangConnect With a Mentor Commented:
Also, maybe there's something wrong with your Remote Procedure Call (RPC) service? Is that service still running when the other services stop?
SlouzerConnect With a Mentor Commented:
Another suggestion, mabye some joker created a buch of scheduled tasks ?
jasbosisConnect With a Mentor Commented:
when attempting to clean a virus, you need to disable system restore.  Without doing so the virus can be stored in these restore files and regenerate itself.  

right click my computer --> select properties --> click the "System Restore" tab -->  check the "Turn off System Restore on all Drives" box.

Once you do this run Malwarebytes and spybot search and destroy in safe mode after updating the definition files
Then reboot to normal mode and run adaware.

I would advise running all 3 of these programs twice.  Then run hijackthis and post the log on here.

trusnockAuthor Commented:
Slouzer: Nothing was out-of-place in the scheduled tasks

jasbosis: Here is the HijackThis log...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:39:48 AM, on 11/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\AcadiaBackup\aua\bin\AuaObm.exe
C:\Program Files\AcadiaBackup\bin\Scheduler.exe
C:\Program Files\AcadiaBackup\aua\jvm\bin\AuaObmJW.exe
C:\Program Files\AcadiaBackup\jvm\bin\bschJW.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AcadiaBackup\bin\SystemTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Uniblue\WinBackup 2.0\wbjob.exe
C:\Program Files\Uniblue\WinBackup 2.0\wbcdws.exe
C:\Program Files\PingPlotter Pro\PingPlotter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [OBSystemTray] "C:\Program Files\AcadiaBackup\bin\SystemTray.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start"&"inst=NwA3AC0ANAAyADgANwA3ADcAOQAxADgALQBUADEALQBVADgANQArADEALQBCAEEAKwAxAC0AWABMACsAMQAtAFUAQwBBAEwATA"&"prod=90"&"ver=9.0.856
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [OBSystemTray] "C:\Program Files\AcadiaBackup\bin\SystemTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OBSystemTray] "C:\Program Files\AcadiaBackup\bin\SystemTray.exe" (User 'Default user')
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://* (HKLM)
O15 - ESC Trusted Zone: (HKLM)
O15 - ESC Trusted Zone: (HKLM)
O15 - ESC Trusted Zone: (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC11DBFC-DBD6-49D7-AA22-1EC0259F9E5C}: NameServer =
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee SiteAdvisor Enterprise Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe (file missing)
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (file missing)
O23 - Service: AutoUpdateAgent (AcadiaBackup) (OBAutoUpdate) - Unknown owner - C:\Program Files\AcadiaBackup\aua\bin\AuaObm.exe
O23 - Service: Online Backup Scheduler (Ahsay Online Backup Manager) (OBScheduler) - Unknown owner - C:\Program Files\AcadiaBackup\bin\Scheduler.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB17 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: McAfee Peer Distribution Service (RumorServer) - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (file missing)
O23 - Service: IPSentry Service Manager (srvipsen) (SRVIPSEN) -  RGE, Inc. - C:\Program Files\RGE INC\IPSentry\srvipsen.exe
O23 - Service: WinBackup Scheduler (WinBackupScheduler) - Uniblue Systems - C:\Program Files\Uniblue\WinBackup 2.0\wbscheds.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe

End of file - 9096 bytes
well assuming your scans ran and didnt find anything, i would rule out a virus of sorts and look into other issues..i will continue to look into your issue
trusnockAuthor Commented:
Well, we attempted to run a Windows Repair Install, but I guess the media wasn't an exact match for the installation because it didn't offer the repair install option.  We accidentally started a regular installation as a result, and it started to install windows in a new C:\WINDOWS.1 folder (and it presumably started to overwrite common files in the "C:\Program Files" folder too).

Whatever got overwritten in this partial parallel installation of Windows seems to have fixed the problem!  I don't recommend this as a solution, and I can't tell you exactly where in the installation process we cancelled it, but we don't seem to have suffered any side effects except for a corrupted IE installation (which a fresh download and install fixed).

If this happens again, we'll definitely try to get our hands on the right XP install CD so we can do a proper repair install... But for now this seems to have done the trick.

trusnockAuthor Commented:
Any suggestions for awarding points?  In the end, we solved the problem (however accieentally) ourselves, but pspglb managed to find a 5-year-old post about exactly the same problem, which I hadn't found myself.  And others made good suggestions.

Thanks everyone for your help.

I would say split the points among all those who offered assistance.
Dhiraj MuthaLevel DCommented:
Thanks a lot, good to know that my suggestion helped out a bit. I agree with Jasbosis
trusnockAuthor Commented:
I ultimately solved the problem with my own initial suggestion, but several people offered good advice and even found links to another discussion of an identical problem that I had not discovered myself.  So I'm awarding equal points to everyone who chimed in.  Thanks.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.