Start Menu and Services Don't Load

[Citrono]

Well the computer started out not starting into Windows. It'd get to the WindowsXP screen and then restart before loading a bar. I fixed this by going to the Recovery Console and running chkdsk. Then once I got into Windows, there was no start menu and it took over 2 minutes to even load to the desktop. A lot of the services were also not running. Windows update will not run either. I'd rather figure out how to fix this before reformatting.

Specs:

AMD 3200+ 64bit
MSI K8T Neo
Windows XP Pro w/ Service Pack2
ATI x800 Pro
Maxtor 120GB SATA HD


Just ask if you need any more details, thanks

Here are some screenshots that took a while to get since I can't even copy and paste urls and also had some problems with Paint.

http://img178.exs.cx/my.php?loc=img178&image=desktop6wr.jpg
http://img178.exs.cx/my.php?loc=img178&image=services6za.jpg

 

[mechBgon]

What are you using for firewall and antivirus protection? Any likely causes you can think of (I opened a MSN Messenger link, I installed some warez, I visited a risky website, whatever)?

 

[Citrono]

it's not my computer but the computer has Symantec Antivirus and the built in XP Firewall

 

[mechBgon]

By "Symantec Antivirus" do you mean, like, Corporate? Or is it a version of Norton Antivirus (if so, what year is it, hopefully 2004 or 2005 and using the latest definitions). Also, is the antivirus software running, or is it experiencing difficulties too?

 

[Citrono]

it's a computer at a LAN and it won't even show C: in it, just the floppy. Live update also won't run.

 

[mechBgon]

Ok, can you do this:

1) download HijackThis from here: http://www.spywareinfo.com/~merijn/downloads.html

2) run that, and copy/paste the text from its logfile into this thread

3) unplug the affected computer from the LAN in case it has a virus, so the virus can't spread through the rest of the LAN. Use some other computer to get stuff and post here.

4) if you have a network administrator, bring this to his/her attention.


Also, if you could elaborate on some of the questions I had

 

[Citrono]

I believe it's a Corporate version and it's not Norton AV. It's installed to C:/Program Files/Symantec Antivirus if that helps at all. I also would check what's running in task manager, but it's disabled through the group policy and nothing loads in there.

 

[mechBgon]

Do you have an Administrator-class account on this system? Is it going to be kosher with the system's owner if you get a little feisty with it and install/remove stuff? And gimme that HijackThis log

 

[Citrono]

it's an administrator account and I can do what I want . The hijackthis log is going to be difficult since I can't copy and paste on that computer.

 

[mechBgon]

1) grab a thumb drive and download the win_betaengdat.zip file from here. This is a McAfee command-line scanner.

2) extract the contents of that Zip file to C:\McAfee on the afflicted computer.

3) disable System Restore if possible.

4) reboot the problem computer into Safe Mode.

5) run the following command using Start > Run, which is one single-line command even though it's going to wrap a couple lines here on the Forums:

C:\McAfee\scan.exe /adl /all /allole /analyze /del /dohsm /mailbox /manalyze /mime /html C:\report.html /panalyze /program /streams /unzip /winmem

and let it rip. The part that says /html C:\report.html tells it to create a file called "report.html" in C:\ that tells you what it found and what it did.

6) post the contents of the C:\report.html so people can see what types of threats you're up against, if any.

7) remember that installing Windows is probably faster than slugging it out with viruses in Safe Mode

 

[mechBgon]

Originally posted by: Citrono
it's an administrator account and I can do what I want . The hijackthis log is going to be difficult since I can't copy and paste on that computer.

It will make a .txt file containing the text. Can you email it? If so, I can give you my email address: tmcfadden(a)omnicast(dot)net

 

[Citrono]

uhh I just uploaded the .log to angelfire www.angelfire.com/mo3/infstats/hijackthis.log

 

[mechBgon]

Originally posted by: Citrono
uhh I just uploaded the .log to angelfire www.angelfire.com/mo3/infstats/hijackthis.log

k, that is from an outdated version of HJT but still sheds some light. Your system has DeepFreeze installed, it looks like. It ought to revert to its DeepFreeze image at every reboot. If you did a WinXP Recovery Console approach, DeepFreeze might now be Very Angry At You and it might be time for a WinXP reinstallation.

Back to HJT... you can have it remove the following, preferably in Safe Mode:

[*]O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

[*] O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll

[*]O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

[*]O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML


I would also install the Microsoft AntiSpyware Beta software from Microsoft's site if it'll install, then update it and run a full scan (in normal mode, it doesn't do Safe Mode). If it finds spyware/adware, go down the list and make sure it's all set to Remove, no Ignore.

 

[Citrono]

The computer has been thawed out and I'll do that mcafee and then HJT.

 

[mechBgon]

Good luck there, I've got to call it a night :moon:

 

[Citrono]

I tried to install Microsoft AntiSpyware and I get the Windows installer error. "The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance." I'm not in safe mode