Resolved Xp started behaving badly

Status
Not open for further replies.

steeve

Similar posted on windows os forum

my xp pro sp3 installation has developed some bad behaviour lately. it's an old install, maybe 4 years. but well maintained, all updates, anti-malware, firewall etc.

but these days it

  • will not see my digital camera
  • will not install any new hardware (printers, mice)
  • will not uninstall some software
  • restarts during reboot

otherwise, it runs sweetly and fast!

I have done the eight steps just in case. none of the anti-malware scans showed anything.

could not uninstall earlier versions of java (updates 5 and 7) because "error applying the transforms. Verify that..." must be a symptom of something...

thanks for looking anyway!
 

Attachments

  • malwarebytes_log.txt
  • SUPERAntiSpyware Scan Log - 04-06-2010 - 18-51-58.log
  • hijackthis.log

steeve, all the problems you mentioned could also be attributed to system problems. The entries that would be suspicious for malware are the following:
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Did you or the Administrator set these restrictions? If the answer is No, they could have been set by malware. You're also running some fairly useless processes like QuickGammaLoader, FolderSizeSvc.

If you did not set the Policy Restrictions, then we can look further for malware. If you did, then I recommend that you run the following to see if the system problem(s) can be found:
Please download VEW and save it to your Desktop:

Setting up the program

Double-click VEW.exe, then under Select log to query, select:
  • Application
  • System

Under Select type to list, select:
  • Critical (Vista only)
  • Error

Click the radio button for Number of events
  • Type 20 in the 1 to 20 box
  • Then click the Run button.
  • Notepad will open with the output log.

Load the log
  • In Notepad, click Edit > Select all
  • Then press Edit > Copy
  • Press Ctrl+V on your keyboard to paste the log to your next reply.
(Courtesy rev-Olie)
 
thanks bobbye

good to know that the machine is probably clean, which means my anti-malware plan is working

i did not set those policies, but my IT son may have. unlikely though because i don't use IE at all

(FolderSize is a really useful app!)

i ran VEW as instructed (why can't windows event viewer be so informative!):

Vino's Event Viewer v01c run on Windows XP in English
Report run at 07/04/2010 7:49:34 a.m.

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/04/2010 11:13:07 a.m.
Type: error Category: 0
Event: 11321 Source: MsiInstaller
The event description cannot be found.

Log: 'Application' Date/Time: 05/04/2010 11:12:29 a.m.
Type: error Category: 0
Event: 11321 Source: MsiInstaller
The event description cannot be found.

Log: 'Application' Date/Time: 05/04/2010 10:11:30 a.m.
Type: error Category: 98
Event: 4691 Source: COM+
The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d01b)

Log: 'Application' Date/Time: 04/04/2010 7:44:27 p.m.
Type: error Category: 98
Event: 4691 Source: COM+
The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d01b)

Log: 'Application' Date/Time: 04/04/2010 6:21:55 p.m.
Type: error Category: 0
Event: 11321 Source: MsiInstaller
The event description cannot be found.

Log: 'Application' Date/Time: 04/04/2010 6:21:21 p.m.
Type: error Category: 0
Event: 11321 Source: MsiInstaller
The event description cannot be found.

Log: 'Application' Date/Time: 04/04/2010 12:23:20 p.m.
Type: error Category: 0
Event: 4 Source: WinMgmt
Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SERVICEMODEL.MOF while recovering repository file.

Log: 'Application' Date/Time: 04/04/2010 12:23:18 p.m.
Type: error Category: 0
Event: 4 Source: WinMgmt
Failed to load MOF C:\WINDOWS\SYSTEM32\WBEM\IISWMI.MOF while recovering repository file.

Log: 'Application' Date/Time: 04/04/2010 12:23:18 p.m.
Type: error Category: 0
Event: 4 Source: WinMgmt
Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CLR.MOF while recovering repository file.

Log: 'Application' Date/Time: 04/04/2010 12:23:18 p.m.
Type: error Category: 0
Event: 4 Source: WinMgmt
Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF while recovering repository file.

Log: 'Application' Date/Time: 04/04/2010 12:23:18 p.m.
Type: error Category: 0
Event: 4 Source: WinMgmt
Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF while recovering repository file.

Log: 'Application' Date/Time: 04/04/2010 12:11:13 p.m.
Type: error Category: 0
Event: 11704 Source: MsiInstaller
The event description cannot be found.

Log: 'Application' Date/Time: 04/04/2010 11:16:37 a.m.
Type: error Category: 0
Event: 11704 Source: MsiInstaller
The event description cannot be found.

Log: 'Application' Date/Time: 04/04/2010 10:58:09 a.m.
Type: error Category: 0
Event: 11704 Source: MsiInstaller
The event description cannot be found.

Log: 'Application' Date/Time: 02/04/2010 2:38:46 p.m.
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Log: 'Application' Date/Time: 31/03/2010 9:24:49 a.m.
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application errornuker.exe, version 1.0.0.1, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Log: 'Application' Date/Time: 24/03/2010 5:58:46 p.m.
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application icad.exe, version 6.1.8.0, faulting module icad.exe, version 6.1.8.0, fault address 0x00288c4a.

Log: 'Application' Date/Time: 24/03/2010 8:10:14 a.m.
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application freecad.exe, version 0.0.0.0, faulting module qtsvg4.dll, version 4.5.2.0, fault address 0x0001dd20.

Log: 'Application' Date/Time: 22/03/2010 10:07:05 a.m.
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application cycas.exe, version 0.0.0.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x000360cb.

Log: 'Application' Date/Time: 22/03/2010 8:19:55 a.m.
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application cycas.exe, version 0.0.0.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x000360cb.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/04/2010 7:42:40 a.m.
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cmdGuard

Log: 'System' Date/Time: 07/04/2010 7:42:40 a.m.
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The IPv6 Helper Service service hung on starting.

Log: 'System' Date/Time: 07/04/2010 7:41:05 a.m.
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The IS360service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 07/04/2010 7:40:49 a.m.
Type: error Category: 0
Event: 3095 Source: NETLOGON
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

Log: 'System' Date/Time: 06/04/2010 4:52:23 p.m.
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\DOCUME~1\st3v3\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .

Log: 'System' Date/Time: 06/04/2010 4:52:23 p.m.
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. .

Log: 'System' Date/Time: 06/04/2010 4:52:23 p.m.
Type: error Category: 0
Event: 32 Source: SideBySide
Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system.

Log: 'System' Date/Time: 06/04/2010 7:46:25 a.m.
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cmdGuard

Log: 'System' Date/Time: 06/04/2010 7:46:11 a.m.
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The IS360service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 06/04/2010 7:46:03 a.m.
Type: error Category: 0
Event: 3095 Source: NETLOGON
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

Log: 'System' Date/Time: 05/04/2010 8:04:20 p.m.
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cmdGuard

Log: 'System' Date/Time: 05/04/2010 8:04:04 p.m.
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The IS360service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 05/04/2010 8:03:55 p.m.
Type: error Category: 0
Event: 3095 Source: NETLOGON
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

Log: 'System' Date/Time: 05/04/2010 6:42:29 p.m.
Type: error Category: 0
Event: 4375 Source: NtServicePack
Windows XP Service Pack 3 uninstall failed.
The system cannot find the file specified.

Log: 'System' Date/Time: 05/04/2010 2:21:41 p.m.
Type: error Category: 0
Event: 4375 Source: NtServicePack
Windows XP Service Pack 3 uninstall failed.
The system cannot find the file specified.

Log: 'System' Date/Time: 05/04/2010 2:17:16 p.m.
Type: error Category: 0
Event: 4375 Source: NtServicePack
Windows XP Service Pack 3 uninstall failed.
The system cannot find the file specified.

Log: 'System' Date/Time: 05/04/2010 1:35:52 p.m.
Type: error Category: 0
Event: 1 Source: sr
The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'sr.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Log: 'System' Date/Time: 05/04/2010 1:13:49 p.m.
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cmdGuard

Log: 'System' Date/Time: 05/04/2010 1:13:49 p.m.
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The IPv6 Helper Service service hung on starting.

Log: 'System' Date/Time: 05/04/2010 1:12:23 p.m.
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The IS360service service failed to start due to the following error: The system cannot find the file specified.

some comments:

i recently removed (with great difficulty) comodo IS hence the reference to cmdGuard
i tried to uninstall / reinstall sp3 in the hope of curing problems...the uninstall failed...there may be MSI issues...

thanks!
 
The recurring Event Error 4, Source: WinMgmt, Desc. .mof
(Microsoft Operations Framework)
Explanation
Windows Management Instrumentation might have tried to compile (mofcomp) a .mof file marked for autorecover, but the compilation failed. This failure is probably caused by a sequencing issue.
User Action
To correct the problem, try to compile the .mof file again. If this does not correct the problem, contact the support provider for the program in question.
Source: TechNet
The error above is related to a program you are using at the time. The only 2 I see at same time and date are:
MICROSOFT.NET\FRAMEWORK\V3.0 and WBEM\IISWMI
http://msdn.microsoft.com/en-us/library/ms525342.aspx

This is not my area. If your son is the guru in the family, he might have some insight.

This is also a 'repeater:'
Event: 3095 Source: NETLOGON
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
You will need to either get him to help on the or repost in the Windows OS forum and/or possibly hardware forum.

It is also possible that the 2 restrictions I asked you about are causing the problems - ask him about that also.

Here's a shorter version of using the Event Viewer: no other program is required. It's all in the system:

Start> Run> type in eventvwr

Do this on each of the System and the Applications logs:
[1]. Click to open the log>
[2]. Look for the Error>
[3]. Right click on the Error> Properties>
[4]. Click on Copy button, top right, below the down arrow >
[5]. Paste here (Ctrl V)
[6]. NOTES
  • You can ignore Warnings and Information Events.
  • If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
  • You don't need to include the lines of code in the box below the Description, if any.
  • Please do not copy the entire Event log.
Errors are time coded. The information is exactly the same!

Please run this online AV scan. If it's clean, I'll have you remove the cleaning tools:
Run Eset NOD32 Online AntiVirus Scanner HERE
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
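
Added example, not part of the original thread: the note above that a recurring error with the same ID, source and description needs only one copy can be applied mechanically to a VEW report like the one posted earlier. This sketch parses that report layout and collapses the repeaters with a count and first/last seen time; the function names are hypothetical and the sample is three entries copied from the posted report.

```python
import re
from datetime import datetime

# Sample: three entries copied from the VEW report in the thread (dates are dd/mm/yyyy).
SAMPLE = r"""Log: 'System' Date/Time: 07/04/2010 7:42:40 a.m.
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cmdGuard

Log: 'System' Date/Time: 06/04/2010 7:46:25 a.m.
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cmdGuard

Log: 'System' Date/Time: 05/04/2010 6:42:29 p.m.
Type: error Category: 0
Event: 4375 Source: NtServicePack
Windows XP Service Pack 3 uninstall failed.
The system cannot find the file specified.
"""

RECORD = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+)\nType: \w+ Category: \d+\n"
    r"Event: (?P<id>\d+) Source: (?P<source>[^\n]+)\n(?P<desc>.*?)(?=\n\s*\n|\Z)",
    re.M | re.S)

def parse_ts(stamp):
    """'05/04/2010 6:42:29 p.m.' -> datetime (day first, 12-hour clock)."""
    date, clock, half = stamp.split()
    dt = datetime.strptime(f"{date} {clock}", "%d/%m/%Y %H:%M:%S")
    return dt.replace(hour=dt.hour % 12 + (12 if half.startswith("p") else 0))

def parse_report(text):
    """Return one dict per error record; banners and the report header are skipped."""
    return [{"log": m["log"], "when": parse_ts(m["when"]), "id": int(m["id"]),
             "source": m["source"].strip(), "desc": " ".join(m["desc"].split())}
            for m in RECORD.finditer(text.replace("\r\n", "\n"))]

def collapse_repeaters(events):
    """One row per (event id, source, description): (count, key, first seen, last seen)."""
    seen = {}
    for ev in events:
        seen.setdefault((ev["id"], ev["source"], ev["desc"]), []).append(ev["when"])
    rows = [(len(ts), key, min(ts), max(ts)) for key, ts in seen.items()]
    return sorted(rows, key=lambda r: (-r[0], r[1]))

if __name__ == "__main__":
    for count, (eid, source, desc), first, last in collapse_repeaters(parse_report(SAMPLE)):
        print(f"{count}x Event {eid} [{source}] {first:%d/%m/%Y}..{last:%d/%m/%Y}: {desc}")
```

Sorting by count puts the repeaters first, which makes it easier to separate a one-off failure from something that recurs on every boot.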
 
OK, the online virus scan came up with nothing...convinced by the people on the windows forum...a fresh install has happened. a big thank you !
 
Thank you for the update. Sometimes the reinstall is the best way to go.
I'll close this thread now.
 