Archive for September, 2009

When Malware attacks Service.exe Status Code -1073741482

September 28, 2009

One of my clients came to me with a laptop that seemed to shut down automatically on reaching the log-in screen. When the computer was turned on, once the laptop got to the log-in screen, an error message popped up: “‘C:\WINDOWS\SYSTEM32\services.exe’ terminated unexpectedly with status code -1073741482.The system will now shut down.” This was followed by a 30-second countdown that eventually shut down the computer. I was unable to log in at all. The following are the steps I took to investigate and solve the problem.

  1. Boot into Safe Mode: on a Dell laptop, press F8 after turning on the computer and select Safe Mode with Network.
  2. Tried to install Malwarebytes, but was unable to start the program; the same thing happened with various other anti-malware programs.
  3. Services seemed to constantly start and stop, and explorer.exe was constantly crashing.
  4. At this point it looked like the malware had either corrupted or deleted important system files.
  5. Boot the computer using the XP CD. (It would be best to have a Windows CD that has the same service pack as the one your computer is currently on; if not, you will need to reinstall the service pack.)
    You may need to change the boot order in the system BIOS so the CD boots before the hard drive. Check your system documentation for steps to access the BIOS and change the boot order.
  6. When you see the “Welcome To Setup” screen, you will see the options below:
    This portion of the Setup program prepares Microsoft
    Windows XP to run on your computer:

    To setup Windows XP now, press ENTER.

    To repair a Windows XP installation using Recovery Console, press R.

    To quit Setup without installing Windows XP, press F3.

  7. Press ENTER; do not choose “To repair a Windows XP installation using the Recovery Console, press R”. Accept the License Agreement and Windows will search for existing Windows installations.
  8. Select the XP installation you want to repair from the list and press R to start the repair. If Repair is not one of the options, end Setup.
  9. Windows will start copying and rewriting all the necessary files and reboot.
  10. When Windows reboots again, do not press any key to boot from the CD when the message appears.
  11. Follow through the installation process.
  12. You should be able to log in now. I went ahead and installed Malwarebytes and did a fast scan.
  13. Found various malware, trojans and backdoors; went ahead and removed them and rebooted.
  14. I usually start with a fast scan; if I find something, I usually follow up with a full scan.
  15. Perform a full scan, remove any malware objects and reboot.
  16. Reset Internet Explorer browser settings to default.
  17. Run Windows Update and install any security updates. (In my case, since the computer was originally on SP3 and the Windows CD was SP2, I had to reinstall SP3.)
  18. Update Flash Player and Java.

At this point I did another fast scan to make sure everything was fine and did a HijackThis scan. Everything looked good! I went ahead and did a performance tune-up to make the computer faster and removed/deleted System Restore in case there was additional malware in the System Restore files.

Tools Used

  • Malwarebytes - www.malwarebytes.org
  • HijackThis - http://free.antivirus.com/hijackthis/
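
The status code in the shutdown dialog is an NTSTATUS value printed as a signed 32-bit decimal. As an added example (not part of the original post), this Python code pulls the process path and status out of the dialog text and splits the status into the standard severity, facility and code fields so it can be looked up in hex; the function names are my own.

```python
import re

# Dialog text as quoted in the post (curly or straight single quotes accepted).
MSG_RE = re.compile(
    r"['‘]?(?P<image>[A-Za-z]:\\[^'‘’]+?)['’]?\s+terminated unexpectedly "
    r"with status code (?P<status>0[xX][0-9A-Fa-f]+|-?\d+)"
)

# Top two bits of an NTSTATUS value.
SEVERITY = {0: "success", 1: "informational", 2: "warning", 3: "error"}

# The message from the post, used here as sample input.
SAMPLE_MESSAGE = (
    r"‘C:\WINDOWS\SYSTEM32\services.exe’ terminated unexpectedly "
    r"with status code -1073741482.The system will now shut down."
)


def decode_ntstatus(text):
    """Turn a signed-decimal or 0x-prefixed status string into NTSTATUS fields."""
    value = int(text, 0) & 0xFFFFFFFF  # wrap negative values to unsigned 32-bit
    return {
        "hex": f"0x{value:08X}",
        "severity": SEVERITY[value >> 30],      # bits 31-30
        "customer": bool((value >> 29) & 1),    # bit 29: set for non-Microsoft codes
        "facility": (value >> 16) & 0x0FFF,     # bits 27-16
        "code": value & 0xFFFF,                 # bits 15-0
    }


def parse_shutdown_message(message):
    """Return the decoded status plus the image path, or None if no match."""
    match = MSG_RE.search(message)
    if match is None:
        return None
    info = decode_ntstatus(match.group("status"))
    info["image"] = match.group("image")
    return info


if __name__ == "__main__":
    print(parse_shutdown_message(SAMPLE_MESSAGE))
```
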

HP 1020 series printer problem with printing PDF files

September 17, 2009

One of the interesting problems I encountered while setting up a new computer for an end user was printing PDF files. Here is how it went down and how I fixed it:

Windows XP Professional SP3/Dell

  1. The end user first said that he wasn’t able to print anything at all.
  2. At first the print spooler service was down. I restarted the print spooler service and it crashed again.
  3. Taking a look at the Event Viewer under System, I found an interesting error: “Faulting application spoolsv.exe, version 5.1.2600.5512, faulting module ZSR.DLL, version 6.20.1625.0, fault address 0x0001f979”
  4. Googled the error message; it seems to be related to the HP 1020 series printer.
  5. Many people had the same exact problem, with different solutions offered.
  6. It seems to be the ZSR.dll file that was causing the print spooler service to crash.
  7. The HP 1020 printer had worked fine on the previous computer, so there must be something different with the driver on the new computer compared to the old computer.
  8. Pulled up the old computer and compared the print drivers. To locate the print driver, go to
    C:\WINDOWS\system32\spool\drivers\w32x86 and select the printer.
  9. Looking at the date modified, the old computer had an older version of the print driver compared to the new computer.
  10. Upon closer inspection, the old computer had no ZSR.dll file while the new print driver contained ZSR.dll.
  11. At this point I decided to completely uninstall the printer, print driver and Adobe Reader from the new computer.
  12. To completely remove the print driver, go to Start – Printers and Faxes – File – Server Properties.
  13. Click on the Drivers tab and remove the problem printer driver. (If you’re unable to start the print spooler service, detach the printer USB cable from your computer and try again; if that doesn’t work you will need to restart your computer.)
  14. Click Remove and select OK.
  15. Now you will need to clean the print spooler registry.
  16. Download and install from this website: http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&DisplayLang=en
  17. Run cleanspl.exe.
  18. When you run it, it will ask you if you want to remove some things that are actually delivered and installed by default on your Windows computer. You want to answer No to those prompts; do not remove Standard TCP/IP Port or the BJ Language Monitor.
  19. Restart your computer.
  20. After I had restarted the computer, I went ahead and installed the old printer driver (it was an HP 1020 series USB driver, last modified in 2006).
  21. Let it auto-detect and manually install using the print driver’s INF file.
  22. Perform a test print to make sure it is able to print.
  23. Install Adobe Reader or Acrobat.
  24. Print different PDF files to make sure the print spooler doesn’t crash.
  25. Check to make sure ZSR.dll does not exist.

By replacing the current HP 1020 series print driver with an older 2006 version of the print driver that does not contain ZSR.dll, I was able to stop the print spooler from crashing. I know there are a lot of people having this similar problem; hopefully my resolution may help you guys.

*Update* Downloading the HP Full Package Printer Software will also solve this problem since it does not contain the ZSR.dll file.
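
Steps 3 and 25 above, as an added example that is not part of the original post: Python that parses fault messages in the format quoted in step 3, counts which module keeps faulting in which process, and checks a driver folder for a named DLL. The function names are my own, and every sample line except the first is constructed.

```python
import re
from collections import Counter
from pathlib import Path

# Message layout as quoted in step 3 of the post.
FAULT_RE = re.compile(
    r"Faulting application (?P<app>[^,]+), version (?P<app_ver>[\d.]+), "
    r"faulting module (?P<module>[^,]+), version (?P<mod_ver>[\d.]+), "
    r"fault address (?P<addr>0x[0-9a-fA-F]+)",
    re.IGNORECASE,
)

# Constructed sample input: line 1 is the event from the post, the rest are made up.
SAMPLE_EVENTS = [
    "Faulting application spoolsv.exe, version 5.1.2600.5512, faulting module ZSR.DLL, version 6.20.1625.0, fault address 0x0001f979",
    "Faulting application spoolsv.exe, version 5.1.2600.5512, faulting module zsr.dll, version 6.20.1625.0, fault address 0x0001f979",
    "Faulting application example.exe, version 1.0.0.0, faulting module example.dll, version 1.0.0.0, fault address 0x00001000",
    "The Print Spooler service terminated unexpectedly.",
]


def parse_fault(message):
    """Return the fields of one fault message, or None if it is not one."""
    match = FAULT_RE.search(message)
    if match is None:
        return None
    fields = match.groupdict()
    # Windows file names are case-insensitive, so fold case before counting.
    fields["app"] = fields["app"].strip().lower()
    fields["module"] = fields["module"].strip().lower()
    fields["addr"] = int(fields["addr"], 16)
    return fields


def repeat_offenders(messages, min_count=2):
    """List (application, module) pairs that faulted at least min_count times."""
    counts = Counter()
    for message in messages:
        fault = parse_fault(message)
        if fault:
            counts[(fault["app"], fault["module"])] += 1
    return [(pair, n) for pair, n in counts.most_common() if n >= min_count]


def find_module(driver_root, module_name):
    """Case-insensitive search for a file name under a driver folder (step 25)."""
    target = module_name.lower()
    return sorted(p for p in Path(driver_root).rglob("*")
                  if p.is_file() and p.name.lower() == target)
```
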
