Services Gone Crazy



#1 whoabuddy


Posted 24 August 2011 - 09:26 PM

Hi All,

I've been working on this issue all day and it's driving me crazy, time to vent it out in a nice long post...

Specs
- Dell Latitude E6500
- Windows XP Pro SP3
- 500gb Hard Drive (Seagate)
- 3.5gb RAM

Symptoms
Everything started at 8:30am this morning, computer had been working fine up until then.
- start menu minimized and disabled, off-screen sometimes
- some windows will not open, including property pages
- network services unavailable / missing, will not recognize USB drive
- event viewer errors in Apps: EventSystem 4609, STacSV 65535
- unable to access details, logged every few minutes since this AM
- system restore unavailable due to Acronis, Acronis tab empty
- audio and auto update service list as "stopping" until audio app error
- IDT Audio, unable to uninstall, error from InstallShield
- RPC service and Web client service listed as "starting" - never starts
- COM+ services set to manual, unable to start without timeout
- Windows Registry Recovery message appears at login
- One of the files containing the system's registry data had to be restored...
- slow startup and shutdown, "Windows is starting up" and "Saving your settings"

What I've Tried
- rebooted into safe mode, same service issues, unable to open certain windows / apps still
- able to restore start menu by adding a toolbar, unlocking it, removing the toolbar
- unable to load files from USB drive, system recognizes hardware but drive never appears
- rebooted to two different Windows XP Pro CDs, BSOD before menu loads
- STOP code 0x0000007B, no text reference
- scheduled and ran CHKDSK on the drive, no errors found, unable to access logs
- started COM+ event service, error: 1053 did not respond in a timely fashion
- this error happened with any other service I tried to start
- stopped RPC service while status said "starting", options all grayed out
- opened ComExp.msc (sys32/Com), crashes when nav to Com Svcs -> Computer
- ran SFC /SCANNOW, froze up at 0% with no progress, canceled
- reviewed installed applications, most recent is "Folder Marker 1.4", no other changes

I'm running out of ideas to try, so any and all help would be appreciated. I can provide some info from the OS but I am unable to copy files to/from, or analyze anything requiring a properties or details page. I'm convinced the issue has to be in the services, but I don't understand why it would affect so much more of the system, and why it appears to have started at random.

Thanks in advance!!

*Edit - added the start time of the issue

Edited by whoabuddy, 24 August 2011 - 09:27 PM.

Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE



#2 FrankOtheMountaiN


Posted 24 August 2011 - 09:41 PM

Visually inspect the motherboard for swollen or leaky capacitors. Look on the tops of them for swelling. This can cause all sorts of crazy. Dell had a lot of bad caps.

Frank O' The Mountain
Doing more stupid before 5AM than most people do all day.


#3 Broni


Posted 24 August 2011 - 09:43 PM

Did you try system restore?



#4 whoabuddy


Posted 24 August 2011 - 10:08 PM

> Visually inspect the motherboard for swollen or leaky capacitors. Look on the tops of them for swelling. This can cause all sorts of crazy. Dell had a lot of bad caps.


I'd rather not disassemble it since it's a laptop, but if there are no other options I would be willing to go this route.

> Did you try system restore?


I finally got to it through MSCONFIG, however it says that it cannot protect my computer at this time and requests a reboot. Same error after rebooting.

Another interesting thing - MSCONFIG gave me an error when I tried to switch to diagnostic mode for a clean boot, referencing I didn't have access to one or more of the services. I'm going to try from the built-in admin account next after resetting the password, although the user's account is a local admin.

#5 Broni


Posted 24 August 2011 - 10:09 PM

STOP code 0x0000007B may also be a sign of an infection.



#6 whoabuddy


Posted 24 August 2011 - 10:18 PM

> STOP code 0x0000007B may also be a sign of an infection.


I saw that on a few MS posts, it looks like it can refer to issues with the boot volume, driver problems, and hardware conflicts as well. I want to run a scan but I wasn't able to copy any files to the machine, although I'm looking into UBCD4WIN or another bootable solution for now. I will report back with any results.

*Edit: extra word in my sentence

Edited by whoabuddy, 24 August 2011 - 10:49 PM.


#7 whoabuddy


Posted 25 August 2011 - 07:39 AM

I burned a copy of UBCD4WIN last night and ran both Super Anti Spyware and Avira Anti Virus. Super Anti Spyware found one item in the registry labeled Malware.Trace, no other infections were found.

I also unlocked the local administrator account and blanked the password, however when I try to set up a diagnostic startup through MSCONFIG, I still get an error that I do not have access to one of the services. I'm almost thinking it's time to reinstall XP and just start fresh, anybody have any other ideas?

#8 whoabuddy


Posted 25 August 2011 - 08:15 AM

Update: Determined to find the cause I kept running test after test, and finally I have something to go on. MemTest86+ reported several issues as soon as it started. I removed one of the 2gb sticks of RAM and I'm running it again, so far it's 16% through the pass with no errors. As soon as the test is complete I am going to reboot Windows and see if everything is working again.

It's always the little things!

#9 whoabuddy


Posted 25 August 2011 - 09:06 AM

Alas, I was too confident, too soon.

After removing the bad RAM I am still experiencing the same issues in Windows, mainly the Remote Procedure Call and WebClient service are stuck as "starting" in services.msc, and "start pending" in MSCONFIG. Since they never start, a lot of other services fail, and I am still unable to open property pages or other details. After double-clicking on a service or event viewer entry nothing happens. The start menu is still off the screen and locked as well.

I tried booting to the XP Pro CD after fixing the RAM issue, but I'm still receiving the STOP 0x0000007B error code (0xF78D2524, 0xc0000034, 0x00000000 x2).
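
Post #9 notes that because Remote Procedure Call and WebClient never leave "starting", a lot of other services fail. The following added example (not written by any poster in this thread) shows that cascade: it parses output in the layout of `sc query state= all` and reports which services are blocked by a dependency stuck in a pending state. The service states and the dependency map are constructed sample data, not a capture from this laptop.

```python
import re

# Constructed, trimmed sample in the layout of `sc query state= all` output.
SC_QUERY_SAMPLE = """\
SERVICE_NAME: RpcSs
        STATE              : 2  START_PENDING
SERVICE_NAME: WebClient
        STATE              : 2  START_PENDING
SERVICE_NAME: AudioSrv
        STATE              : 3  STOP_PENDING
SERVICE_NAME: EventSystem
        STATE              : 1  STOPPED
SERVICE_NAME: SENS
        STATE              : 1  STOPPED
SERVICE_NAME: PlugPlay
        STATE              : 4  RUNNING
"""

# Constructed dependency map, the data `sc qc <name>` lists under DEPENDENCIES.
DEPENDS_ON = {"EventSystem": ["RpcSs"], "SENS": ["EventSystem"],
              "AudioSrv": ["PlugPlay", "RpcSs"]}

def parse_states(text):
    """Map each SERVICE_NAME to the state name on its STATE line."""
    states, name = {}, None
    for line in text.splitlines():
        if m := re.match(r"\s*SERVICE_NAME:\s*(\S+)", line):
            name = m.group(1)
        elif (m := re.match(r"\s*STATE\s*:\s*\d+\s+(\w+)", line)) and name:
            states[name] = m.group(1)
    return states

def transitive_deps(name, deps, seen=None):
    """Every service that `name` needs, directly or through another service."""
    seen = set() if seen is None else seen
    for dep in deps.get(name, []):
        if dep not in seen:
            seen.add(dep)
            transitive_deps(dep, deps, seen)
    return seen

def triage(states, deps):
    """Return (root services stuck in *_PENDING, {blocked service: [stuck deps]})."""
    pending = {n for n, s in states.items() if s.endswith("_PENDING")}
    blocked = {n: hit for n in states
               if (hit := sorted(transitive_deps(n, deps) & pending))}
    return sorted(pending - set(blocked)), blocked

if __name__ == "__main__":
    print(triage(parse_states(SC_QUERY_SAMPLE), DEPENDS_ON))
```

The roots are the services to investigate first; everything in the blocked map fails only because something it depends on never finished starting.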

#10 FrankOtheMountaiN


Posted 25 August 2011 - 09:36 AM

If you can't boot to the CD without stop errors, then it sure sounds like a hardware problem. If you decide to go inside, check those caps. You can get a refurb main board on eBay pretty cheap. Also could be the processor got a little baked, which is common for laptops. People tend to cover the fan on the bottom, and then they overheat. Or the vent on the side gets clogged with dust. I put longer feet on my laptops! Hope you find the problem.



#11 whoabuddy


Posted 26 August 2011 - 03:39 PM

Thank you everyone for the suggestions, I ended up giving up on a repair install when it got stuck in a loop, and the laptop now has a clean installation of Windows XP. Here is the rest of what I tried if you're interested!

- blew dust out of the case and fans as suggested (not much, but you never know!)
- checked any exposed capacitors on the motherboard, no visible damage
- set hard drive to compatibility mode in BIOS (eliminated 0x0000007B message)
- ran chkdsk on the volume, repaired partition issues, recovered some files
- restarted and repair install picked up mid-way, allowed install to continue
- received BSOD 0x00000050 before install would complete (at network settings)
- restart causes repair install to start, throws BSOD before completion (loop)

Since I was stuck halfway into the repair install I decided it was time to throw in the towel and just start from scratch.

[whoabuddy:0 | windows:1]

#12 FrankOtheMountaiN


Posted 26 August 2011 - 05:55 PM

woo, glad it worked out. Guess you had a freako driver or something. Good job.
