SMH
My question is: I have a really damaged system, and where do I go from
here?
Here is the background:
This is sort of a log (yes, chronologically presented) of what you would
call the user's ultimate nightmare. The log is as good in detail as my
short-term memory is.
By the way, the system we are talking about is:
* WinXP Professional pre-installed
* WinXP SP2 from MS Update site
* running on HP/Compaq nx7010 laptop with standard stuff (wireless yes)
1. INSTALLATION OF SCIENTIFIC SOFTWARE
I installed some scientific software that I think damaged the registry
among other things.
I knew that the installation of this software on another person's PC had
caused problems, and so I was careful to create a System Restore point
before the installation.
I realize now I was a fool to believe that System Restore would actually
function as a System Restore.
2. THE FIRST SIGNS OF THE NIGHTMARE
After the installation the most immediate (first seen) problem was:
Runtime Error! Program: C:\Windows\System32\bcmwltry.exe
This application has requested the Runtime to terminate it in
an unusual way. Please contact the application's support team for
more information.
This is a Broadcom wireless driver, or so I understand.
3. WHY WASN'T MY HOPE FOR SYSTEM RESTORE A VAIN HOPE **BEFORE** I
INSTALLED THE SOFTWARE?
When I went to System Restore, the window showed up COMPLETELY BLANK. Not
much else to say.
When even System Restore is damaged, you know that you are in for a long
week, perhaps the longest of your life, because we are after all talking
about Microsoft's Windows XP.
4. FIRST ATTEMPTS AT TRYING TO UNDO THE DAMAGE
One of my first attempts was to try to uninstall the software that had
precipitated all these problems. Like any good virus, it not only makes a
mess of the system, but it refuses to uninstall.
Of course, I shouldn't call it a virus. When I called the vendor to yell
at him that the software installation had caused problems in two computers,
he challenged me to show him. I had already installed the software in
another little used computer, and the limited look I had of it had caused
no problems in that one PC. When he came, we installed it on two more
computers, one regularly used by a very unsophisticated user and the other
hardly used at all. No apparent malfunction.
Now the two computers that were damaged are used by very sophisticated
users who have lots of software on them, probably running at startup, so
it's entirely possible that the software installation created a conflict in
these heavily used and loaded computers, and so things start to fall off
from there.
I still had to wonder what software installation damages the registry so
badly??? Or fails to uninstall itself after having JUST been installed? The
vendor had no answer except to say that the problem with our computers came
from elsewhere, and I had no proof to contradict him.
Now the other user has turned over the desktop to a student who does info
tech (but is not paid for it), and their approach is to burn on a CD
everything under My Documents, REFORMAT THE HARD DRIVE, then re-install XP.
I don't want that option since a great deal of data is lost in directories
OUTSIDE the My Documents tree doing a re-format, and the time it takes to
patch up a broken system seems less than re-installing applications and
trying to remember critical data.
5. SOMETHING ABOUT "COM SERVICE"?
Perhaps it was error log entries----hundreds, even thousands!---showing up
saying something about Source:COM and Event:10022.
I cannot open Component Services->Computer because when I do, the window
immediately disappears.
I also no longer have the ability to see a dialog within Administrative
Tools whenever I select Properties. Indeed, I can't see the Properties
dialog after selecting from within the popup of many menus.
The computer had slowed down significantly. One of the reasons was it was
making error logs about a COM problem.
6. TRYING TO DO REGISTRY FIXES WITH THIS OR THAT PERSON'S VBS SCRIPT
One tends to get a lot of well-meaning, if not entirely good, advice about
fixing damaged registry entries. This advice tells you to modify this
entry or even run a script (like a VBS file) or merge a REG file.
I usually inspect the files before running them, but what the hell do I
really know about what modifying one entry or another does. The person
recommending it has MVP they add to their name, and they seem to talk
knowledgeably about Windows XP, so you go with your gut instinct that they
know what the hell they are talking about.
The problem is that my anti-virus software is not aware of my gut instincts
about running this or that script file.
And some anti-virus software is bound and determined never to let that
happen, no matter what the user wants, or so it seems.
And so while trying to run this or that registry-modifying process, my
anti-virus software made it impossible for me to do it (see next section).
7. DISABLING THE ANTIVIRUS SOFTWARE
I was no longer getting updates on Norton Anti-Virus anyway (lapsed 60-or
90-day trial subscription), so why would I let it stop me from doing
something legitimate by attempting to run a vbs script?
I would not have uninstalled it, except that the reason was that I could
not get the dropdown list from the "Possible Malicious Program Wants To
Run" dialog from NAV to drop down and give me the option of running it, an
effect I assumed was from the earlier installation, in which it damaged the
dropdown list feature (anyone ever heard of that?)
So my only choice was to uninstall the anti-virus software.
Do you know how hard it is to uninstall Norton?? Ever try taking a meaty
bone out of a hungry dog's mouth? Yeah, now you know what I mean.
I ended up starting in Safe Mode and going into a command line and directly
resorted to using "del *.*" within the NAV directories!
I then re-started the system normally, and determinedly ran the VBS script
I wanted to run. It should have been another vain hope that it would solve
all my problems.
Yes, I was still connected to the network, but I had Zone Alarm running.
8. SYSTEM FILE CHECK: BEEN THERE, DONE THAT
I should have thought of this earlier, but did run it based on more
Internet advice: sfc /scannow
There was no report of anything out of the ordinary...actually no report at
all, whether run from the Run dialog or from within a command line
interface.
But then it would not check the registry now, would it?
9. RE-INSTALLING THE ANTI-VIRUS
After a while, I gave up trying this or that registry fix, and thought it
best to re-install at least some anti-virus protection to go with the
firewall.
I tried putting in a CD for Symantec's NAV, but now it is telling me that
the Windows Installer is damaged.
So then I went to Avast (I had run my trial with AVG) and it found a worm,
Win32:Vibpack. That seems consistent with a process seen in the Task
Manager going by the name "SVCHOST.EXE" that was slowing everything down
(it now and then uses a large part of the CPU, and its Mem Usage grows over
time to well over 200,000 KB). An End Process can be used to stop it, but
it certainly comes back on a reboot or perhaps when I do something else
(use Explorer? another application?).
The fact that a worm or virus is still running around loose in my system
and that Avast is unaware of it meant that I was determined to get NAV
installed, if only to fix the Windows Installer, whose defect was creating
lots of problems with Add/Remove Programs in which the program was
installed by it. I found a Microsoft support page that talks about the
error, and tried implementing the changes (msiexec /regserver from safe
mode), and then installing Windows Installer 3.1. Norton still reports a
problem, and so I am beginning to think that the worm/virus is behind this.
Why?
Because I can open a web browser (HTTP client)---I use Firefox usually, but
IE when I have to----and go to almost any page. EXCEPT the Windows Update
page...the place a user would go to fix problems and rout out viruses,
right? What virus/worm writer with any sense does not understand that?
Moreover, I have seen this problem before with a Windows 2000 system, in which
the virus/worm not only stopped access to Windows Update, but it could even
prevent Norton from running!
Other signs and symptoms now showing a very ill-but-still-working system:
a. APPLICATIONS NOT IN TASKBAR: Running applications do not appear in the
Taskbar! This is the most annoying! I have to use Alt-Tab to switch
between applications and just to find them (for when I minimize any window,
its existence can only be determined by Alt-Tab). Yes, many Taskbar
toolbars DO show up: Quick Launch, Language Bar, the two I use. But the
never-used toolbars (Address, Desktop) also come on and off when checked
and unchecked, respectively.
b. POPUP COPY-AND-PASTE MENU COMMAND DYSFUNCTION IN SOME APPLICATIONS:
Copy and Paste from popup menus does not work BETWEEN APPLICATIONS: I
can't copy text from within a web document or address bar and paste it into
anything. The Paste command does not even highlight in the popup menu,
although it appears. I have also found out that I cannot copy and paste
between drives (from hard to a flash drive)...the copy works, but there is
no paste.
Note that I can use Ctrl-X cut and Ctrl-V paste from within this news
message composer/nntp client to cut and paste text (I am doing it now).
But I cannot copy selected text using Ctrl-C or the popup Copy command with
an HTTP client (Firefox or IE) and paste it here.
c. PROPERTIES DIALOGS DON'T SHOW: I have already talked about the
inability to get Properties dialogs to appear (draw) after selecting them
from a popup menu. This is especially true with Control Panel elements,
and from within Administrative Tools.
d. BLACK-COLORED HIGHLIGHT FOR SUBMENUS: Click Start button and move the
cursor over any item. You know how it turns to a darker or lighter color
to indicate the menu item is conditionally selected and will be selected
with the mouse button click. Well at least you can SEE the selected item.
Now what would you see if the RGB color setting on the highlighted menu
item had a value of 0x000000, effectively the color "black"? That is what
I am seeing. Also my application menus are blacked out, from the menu
header to the menu item. For example, in Notepad, I put the cursor in
Edit, it becomes blacked out, and when I go to Select All, it too is
blacked out.
=======================
I am thinking that there is maybe just 1 or 2, maybe even 5 or 6 registry
entries that need to be changed, and then all this bizarre behavior will go
away. It beats burning 14 CDs to save the My Documents tree, then losing
everything in Program Files in a total disk format, then re-installing XP,
certainly in time and damage.
Certainly if I were intimately familiar with every system file and every
registry key in XP, it'd already be solved.
What am I looking at in terms of restoring this system back to health?
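
Section 6 of the post describes inspecting REG files before merging them. As an added example (not part of the original post), this Python sketch lists every change a .reg file would make and marks writes to startup and launch-handler keys for a closer look; the sample file, the key shortlist and the function names are constructed for illustration.

```python
import re

# Key-path fragments that decide what runs at logon or how programs launch.
# This shortlist is an assumption for illustration, not a complete inventory.
SENSITIVE = (
    r"\currentversion\run",
    r"\currentversion\winlogon",
    r"\image file execution options",
    r"\shell\open\command",
    r"\currentversion\policies",
)
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def _change(action, key, name, data):
    flagged = any(frag in key.lower() for frag in SENSITIVE)
    return {"action": action, "key": key, "name": name,
            "data": data, "review": flagged}


def audit_reg(text):
    """Return one dict per change a .reg file would make when merged."""
    # Join hex values continued across lines with a trailing backslash.
    text = re.sub(r"\\\r?\n\s*", "", text)
    changes, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1):  # "[-HKEY_...]" deletes the key and its subkeys
                changes.append(_change("delete-key", key, None, None))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2)
            action = "delete-value" if data == "-" else "set-value"
            changes.append(_change(action, key, name, data))
    return changes


# Constructed sample input, not taken from any real fix.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Colors]
"MenuHilight"="49 106 197"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Temp\\upd.exe"
"OldTool"=-

[-HKEY_CURRENT_USER\Software\ExampleVendor]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for c in audit_reg(SAMPLE):
        mark = "REVIEW" if c["review"] else "      "
        print(mark, c["action"], c["key"], c["name"], c["data"])
```

Files exported by regedit with the "Version 5.00" header are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `audit_reg`.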