XP machine is having serious issues

[NADIAZIPPER]

Not sure what happened, but I am having several probles with an XP machine. I can not install any windows updates, either by automatic, going to their site or downloading individual updates and running from the desktop. I get the same error code 0x80080008. Also when I try and go to a network connections there is no prpertoes tab, when I right click I get a " Do not have permission, see admin..." I am logged on with a domain admin account, I have logged in with the local admin account as well and get the same issues. Any idea what the problem is?

Also when looking through the user groups on the machine I seem to have a lot of account that are not normally there and I can not delete them, groups like Domain Admins, Print Operators and Pre-windows 200 access, they all have decriptions with the begining of "Proxy for account..."

Any ideas what happened?

 

[paulovey]

Hi,

First off you want to keep the groups you see in computer management. They are part of windows and cant be deleted.

It sounds as though something nasty may have found its way into the system, have you checked for viruses/spyware.

If you run msconfig, look on the "startup" tab do you see anything that looks out of place.

Check in the registy
under

HKLM_Software_Microsoft_Windows_CurrentVersion_Run

and

HKLM_Software_Microsoft_Windows_CurrentVersion_RunOnce

If there is anything that looks suspect in here, remove it!

But im sure I dont have to say this, but when in the registy BE CAREFUL, if your not sure what your removing is important, leave it.

You could try running some 3rd party spyware tools on the pc.

From expirence the best ones that I use are

Ad Aware SE
Spybot Search and Destroy
Hi-Jack this
CW-Shredder

Paul

If aint broken, dont try n fix it!!!!!

 

[NADIAZIPPER]

I have looked, this machine is only used with the IT dept, on a very seldom basis. We use symantec v10 and enterprise version of spysweeper. and honestly this machine is not used at all to access any email.

As far as the groups, I looked at severeal other machines, and none of my regular XP Pro machines have them, any idea what there are used for?

 

[paulovey]

Hi,

The groups are pre-defined groups that you can add users to allow access/permisson to the pc in question. In the same way you can add users to groups in AD to give them domain access. Every XP Pro I have ever built has had them in Comp Mgnt.

But moving on to the issue in question, So if we have excluded the virus/spyware, Is there anything useful in the event logs.

You say you are logged in as a domain admin account, when you look in local users and computers on the pc, are the users accounts shown in the correct format domainname\username??

You could try taking the computer out the domian, putting in a workgroup then readdding.

Are any other things wrong with the PC, can you browse the network from My Network Places. Can you browse the web, do progams that run over the network run?

I guess if the worse comes to the worst, you can always try a system restore to a earlier date.

Cheers,

Paul

If aint broken, dont try n fix it!!!!!

 

[NADIAZIPPER]

Funny thing...There are no restore points, actually there is one, I was using SP2 install to see if it would repair any issues about an hour ago, other than that restore point there is nothing else there.

Event log, I have a lot of event:1090, usource:serenv
Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

I have accessed other computers and printers off of our network, web access works, both local and external

We use a program called script logic to run logon/logoff scripts, install programs, etc. That has been erroring out, looked at their website for help, tried their solutions and nothing.

I think whatever the main problem is , is causing all the other problems as well.

 

[CharlieJax]

Given the issue seems to come up when you try to download updates it is likely that the machine has some mal-ware running on it.

You can try Hijack this to remove the malware as well as cleaning out the temporary internet files, the ActiveX objects in the browser, and the temporary files on the machine.

The temp files might be in three places (under the user profile c:\doc and settings\username\local settings (this is a hidden folder)\temp, then c:\temp, and c:\windows directory\temp.

All of these can have everything deleted from them safely.

Personaly, if it is really bugging you it might just be easier to rebuild the machine from scratch. (FDISK and clean it up).

CJ

Don't drink and post, save that for driving home!

 

[NADIAZIPPER]

This PC really does not get used, its a way for our techs to remote in localy so that we can work on local machines with tools from a local machine. i does not get used for accessing email or surfing the web. This is a corporate environment and we don't have problems with people hacking in.

I think the issue something went corrupt, or some piece of software went bad. I am logged in as an admin, I should be able to view network properties. I think the real question is a problem as rights. seems nobody nomatter who you are has rights to do anyting, I think thats why the updates bomb out, they can't get access to the proper authority.

 

[NADIAZIPPER]

On a side note, the only reason we realized there was a problem is because of WSUS. We started testing and it was the only machine that kept erroring out. Once I connected in I realized I could not even install manually any updates.

 

[linney]

How To Reset Security Settings Back to the Defaults

http://support.microsoft.com/?id=313222#1

http://www.google.com/search?source...G,GGLG:2005-28,GGLG:en&q=0x80080008+update+xp

http://groups.google.com/groups?sou...G,GGLG:2005-28,GGLG:en&q=0x80080008+update+xp