Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System And Applications Failures (unable To Initialize) In The Event Viewer - Services Will Not Start


  • Please log in to reply
16 replies to this topic

#1 CaptainKillgore

CaptainKillgore

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 24 January 2008 - 05:40 PM

Hello there!

Just to let you know the context: I have recovered from a severe malware (Trojan.Vundo) infestation with the kind help of
SifuMike from this very forum.
Before I decided to turn myself towards a helping hand, I had to tackle with the infestation myself and namely had to dapple with/into services.msc and msconfig to disable some programs that would load at startup. This in order to try to prevent further spread of the infestation.

Though the infestation is gone my PC running under Windows XP Professional SP2 still has some malfunctions
- one of the most troubling facts is that if I put on the password protected screensaver, when it resumes to fast switching user welcome page, the password I type in to log in does not work... Note that I run an administrator account. I need to shut down and restart the computer to be able to log in...

- When I try to install/uninstall software, I have to start manually the Windows Installer Service and nonetheless receive he following error message "the RPC server is unavailable" although the Remote Procedure Call (RPC) service is started...

- in the System section of the Event Viewer, I can see numerous errors pointing to services that fail to start: e.g. and to name a few, Remote Access Connection Manager, Application Layer Gateway Service, Workstation service, Computer browser service, Routing and Remote Access, SSDPSRV service, SSDP Discovery Service, etc.

- ditto in the Application section of the Event Viewer, e.g. MS-DTC Service, DCOM+ service, Windows search service, etc.

I read that most services rely on others to start (i.e. the first being prerequisites for the latter to start). However I cannot see (because those areas are greyed out) dependencies in the dependencies tab.
I would like to ensure that I have all the necessary and useful services running on my PC.
I see that some services (such as MS-DTC for instance) are not able to log on (their log in is password protected) but do not know what to do about it. In this respect I recall that I deleted a NT Authority\System account while my PC was infected (due to the weird name, I suspected it was in relation to the infestation.. hard luck!).

I should be most grateful if someone could give me a helping hand in relation to the above. Do not hesitate to request from me any log or list of running services or errors in the System and Applications sections of the Event Viewer.

Thank you very much for your kind assistance.

Looking forward to reading from you.

Regards,
Captain Killgore

BC AdBot (Login to Remove)

 


#2 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:54 PM

Posted 24 January 2008 - 05:57 PM

Hello,

It sounds like that the system has been through a lot.

Download advanced windows care, the free version http://www.iobit.com/advancedwindowscareper.html this should solve quite a few of the problems and provide a solid foundation to diagnose further problems.

In services.msc you mention that the dependencies list are greyed out, how long have you left the list to populate? the list takes anything from a few seconds to a minute to usually load. open the dependencies tab of installer and leave it for a while.

Let us know how it goes.
Regards,

Alan.

#3 CaptainKillgore

CaptainKillgore
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 26 January 2008 - 04:46 AM

Hi Nigglenush85!

Thank you for your post.

I have downloaded the software as per your instructions and have run it. There were numerous problems that have been taken care of in one click. So far so good.

As far services.msc are concerned, the list of services does populate. However, for certain services which I am pretty sure have dependencies, the "dependencies" tab in the properties of the services are empty/blank.

Now that we have a good/clean starting point, where do we go from here? Thank you very much for your kind assistance.

Looking forward to reading from you.

Best regards,
Captain Killgore

#4 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:54 PM

Posted 26 January 2008 - 06:45 AM

Glad it worked, Could you go to the event viewer, and see if there are any errors. Next, I would advise setting the services back to their defaults, an extensive list can be found at http://www.blackviper.com/WinXP/servicecfg.htm
When you select the dependencies tab, on the service Alerter, it should have top box saying workstation and the bottom saying No Dependencies do the boxes appear blank or do they say no dependencies? If they are blank, it has not loaded the information.
Regards,

Alan.

#5 CaptainKillgore

CaptainKillgore
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 26 January 2008 - 10:45 AM

Hi nigglesnush85!
Just to let you know that there are still errors in the System and Applications sections of the Event Viewer.
I also confirm I cannot see the dependency Workstation in the dependencies tab of the Alerter service.
As per your instructions I will revert the services back to their default configuration and will keep you posted.
Again thank you for your assistance.
Best regards,
Captain Killgore

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 56,435 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:54 PM

Posted 26 January 2008 - 10:52 AM

You might be able to fix whatever is wrong with your settings, services, etc...by doing a repair install of XP.

This would give you a new set of system files (and, hopefully, default services/settings), it's worth considering, IMO.

How to perform a repair installation of Windows XP if Internet Explorer 7 is installed - http://support.microsoft.com/?kbid=917964

Repair Available in Windows XP - http://www.theeldergeek.com/repairing_windows_xp.htm

Louis

#7 CaptainKillgore

CaptainKillgore
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 26 January 2008 - 11:15 AM

Hi Hamluis!
Thank you for your post.
Actually I do not consider a repair install of Windows XP as an option.
Best regards,
Captain Killgore

#8 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:05:54 PM

Posted 26 January 2008 - 01:45 PM

Did reverting the services back to default values fix the issues? With the many variants of the Vundo infection, the damage isn't easy to identify (let alone fix) - so there aren't many options left after this.

Is there a particular reason for not using a repair install? It is an automated way of repairing nearly all of the Windows system files (and is, IMO, far better than SFC.EXE) - while still retaining your programs and data. It's main downside is the need to reinstall Windows Updates.

Beyond that you're left with a clean install of Windows - which is a more drastic solution, but will provide you with a brand spanking new copy of Windows. Since the clean install will wipe your hard drive clean it's got several things going against it (and it's why we recommend the repair install). They are:
1) Reinstalling Windows Updates (same as for a repair)
2) Reinstalling drivers (if using a Windows XP installation CD)
3) Backing up your data (a clean install wipes everything off of your hard drive)
4) Reinstalling your applications to setup your system the way you want.

Edited by usasma, 27 January 2008 - 03:21 PM.
strikethrough

My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#9 CaptainKillgore

CaptainKillgore
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 26 January 2008 - 01:48 PM

Hi Nigglesnush85!

For your information I followed your instructions and set the services back to their default status as described on the web page.

As for the service Alerter, the top box of the dependencies tab reads "No Dependencies" (note that the box is not empty;
however still no trace of workstation). The bottom box also reads "No Dependencies".

It seems that there are no more errors in the Applications section of the Event Viewer, which I consider good news and very promising :thumbsup:

However as fort the System section of the Event Viewer, the following services do not work :
- Workstation service,
- Computer Browser,
- DCOM Server Process Launcher,
- DNS Client service,
- TCP IP Net Bios service,
- Parallel Port Driver,
- Active Common Service,
- SSDP Discovert Server,
- Universal Plug and Play,and
- Windows Media PLayer Network Sharing Service.

The following services do not work as a result of a failure to log on as NTAuthority\Localservice (in this respect I remember having deleted an account which may well be NTAuthority\Localservice at the time of the infestation of my PC;
however, as far as I can recall, the name was not exactly "NTAUthority\Localservice beacuse it had figures in it and was
at the time odd enough to deserve deletion (or so I thought!):
- DNS Cache Service,
- LmHosts Service,
- SCardSVR service,
- WebClient service,
- ASPNET state service,
- Remort Registry service,
- ALG service,and
- SSDPSRV service.

I hope all the above is a bit helpful.

Again thank you for your kind assistance in this matter.

Looking forward to reading from you,

Best regards,
Captain Killgore

#10 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:54 PM

Posted 26 January 2008 - 03:18 PM

If the services are set back to their default values and the errors still persist then you might want to use the sfc. To do this go to start then run and type
sfc /scannow

If this doesn't repair the problem, then you may have to do a repair install.
Regards,

Alan.

#11 CaptainKillgore

CaptainKillgore
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 27 January 2008 - 11:42 AM

Hi nigglesnush85!

Thank you for your post above.

I understand that a Windows XP repair would be the most efficient way to try and recover/set back to default the services and missing log on authorities which appear in the Event Viewer error logs (though they are much more seldom as compared to before we set the services back to their default status).

However, before I resort to such reasonably drastic solution, I would like to be reassured. I understand that the repair install does not alter my windows settings and windows data, so far so good. How about my program files and all the register key entries? Are those wiped out? Will I need to reinstall programs? Will I need to reconfigure my internet settings, my devices, etc.? Getting Microsoft updates over the Internet is find with me but I really do not feel like reinstalling my programs...

What annoys me most is that if I put on the password protected screensaver (or even if I "fastswitch" to another User account), when it resumes to the fast switching User welcome page, the password I type in to log in does not work... Note that I run an administrator account. I need to shut down and restart the computer to be able to log in... Any ideas to solve that issue would be welcome.

There is also a way that I would like to explore, if that is possible: the security policies. Indeed I deleted an account : the NT Authority/Localservice... Is this a viable way? Is it worth the try? Please let me know.

Thank you very much for your kind assistance.

Looking forward to reading from you.

Best regards,
Captain Killgore

#12 CaptainKillgore

CaptainKillgore
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 27 January 2008 - 11:45 AM

Ooops!
I forgot to mention that I have run sfc /scannow and there were no issues about the integrity of the windows/system files in my windows installation.
Otherwise there are still some errors (though fewer) in the Event Viewer log.
Captain Killgore out.-

#13 CaptainKillgore

CaptainKillgore
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 30 January 2008 - 01:44 AM

(...)

#14 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:54 PM

Posted 30 January 2008 - 10:32 AM

You need to read the links in hamluis post, the elder geek link says that data and settings are not destroyed. It can take a long time, you may need to re instal programs, you may need to backup files just to be on the safe side.

If the sfc /scannow was unable to help the situation then there is not that much else that can be done.
Regards,

Alan.

#15 hamluis

hamluis

    Moderator


  • Moderator
  • 56,435 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:54 PM

Posted 30 January 2008 - 01:18 PM

A repair install should leave all data and programs installed...exactly as they are now.

Affected files will be XP/operating system files, including all critical updates currently installed which are not included on the CD used to do the repair install.

If you have SP2 installed now, then the CD used to do the repair should also have SP2 on it. All critical updates since SP2 (about 100 of them) will have to reinstalled via WinUpdate once the repair is complete and the system has rebooted. Be sure that the Windows firewall (or another firewall) is active before moving on to WinUpdate...I learned that lesson in one of my earlier years when I was hit by Blaster Worm less than a minute after I had done a clean install :flowers:.

Of course...something could always go wrong, which is why the customary backup-your-system-before-proceeding precaution is given to those contemplating a repair install.

And...you need to have your XP key handy :thumbsup:.

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users