Lots of strange problems XP pro sp2

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

I have received 1 of 11 PC's all exhibiting the same behavior. They are from
an office with roughly 50 PC's total. Here's the symptoms:
1. No Task bar
2. In event viewer if you try to open an event the properties window will
not open.
3. In group policies you cannot double click on any of the policies to get
the detail window to open.
4. In Device Manager you cannot open any of the properties for any of the
devices.
5. Cannot stop or start any services.
6. The System Restore Tab is missing.
7. Created a new local administrator user and cannot logon on locally,
error: Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network....etc...
8.After logging on as local administrator or any local user it takes roughly
40 seconds before the desktop appears.
9.Properties for Network Places is a blank window, yet device manager shows
the nic.
10. Used a USB thumb drive to copy the Symantec tools to the PC. Cannot copy
and paste them to the PC. Had to run them from the thumb drive.
11. Remote desktop users shows only 1 user with just the head icon and no
name after it.

Here's what I've tried so far. Ran McAfee, Fprot, Adaware, and the last 8
symantec virus removal tools - all come back clean finding nothing. There are
no strange process running in Task Manager. Checked the "run" setting in the
registry under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER and there isn't
anything there. Nothing strange in msconfig's Startup. I am baffled. Anyone
have any ideas?
Thanks much,
Bob C

 

[Janice]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Take a look here
http://forum.iamnotageek.com/showthread.php?t=75781&goto=nextnewest. Sounds
like they've been infected with a worm.


"Bob C" <Bob C@discussions.microsoft.com> wrote in message
news:B9D6ABFE-A820-44B5-8EDF-D4235F686ABE@microsoft.com...
>I have received 1 of 11 PC's all exhibiting the same behavior. They are
>from
> an office with roughly 50 PC's total. Here's the symptoms:
> 1. No Task bar
> 2. In event viewer if you try to open an event the properties window will
> not open.
> 3. In group policies you cannot double click on any of the policies to get
> the detail window to open.
> 4. In Device Manager you cannot open any of the properties for any of the
> devices.
> 5. Cannot stop or start any services.
> 6. The System Restore Tab is missing.
> 7. Created a new local administrator user and cannot logon on locally,
> error: Windows cannot log you on because your profile cannot be loaded.
> Check
> that you are connected to the network....etc...
> 8.After logging on as local administrator or any local user it takes
> roughly
> 40 seconds before the desktop appears.
> 9.Properties for Network Places is a blank window, yet device manager
> shows
> the nic.
> 10. Used a USB thumb drive to copy the Symantec tools to the PC. Cannot
> copy
> and paste them to the PC. Had to run them from the thumb drive.
> 11. Remote desktop users shows only 1 user with just the head icon and no
> name after it.
>
> Here's what I've tried so far. Ran McAfee, Fprot, Adaware, and the last 8
> symantec virus removal tools - all come back clean finding nothing. There
> are
> no strange process running in Task Manager. Checked the "run" setting in
> the
> registry under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER and there isn't
> anything there. Nothing strange in msconfig's Startup. I am baffled.
> Anyone
> have any ideas?
> Thanks much,
> Bob C
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Thank you Janice for replying. I've tried the solutions mentioned in that
post. The registry does not contain any of those entries. I agree, I too
think this is some kind of worm...I just can't find it! One other thing I
forgot to mention...the PC also exhibits the same behavior in safe mode.
Thanks,
Bob C.

"janice" wrote:

> Take a look here
> http://forum.iamnotageek.com/showthread.php?t=75781&goto=nextnewest. Sounds
> like they've been infected with a worm.

>
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Was SP2 installed just before these problems started? Have they installed
any other updates or programs? If this started just after SP2, uninstall it
just to see if this is the cause. Any chance that all of these PCs were
built using the same software image?

"Bob C" wrote:

> Thank you Janice for replying. I've tried the solutions mentioned in that
> post. The registry does not contain any of those entries. I agree, I too
> think this is some kind of worm...I just can't find it! One other thing I
> forgot to mention...the PC also exhibits the same behavior in safe mode.
> Thanks,
> Bob C.
>
> "janice" wrote:
>
> > Take a look here
> > http://forum.iamnotageek.com/showthread.php?t=75781&goto=nextnewest. Sounds
> > like they've been infected with a worm.
>
> >
> >

 

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Hi Ephod and thanks for taking the time to reply. I'm told by the company's
tech that sp2 was loaded on all PC's, not just these 11, a very short time
after it's release. It was installed manually on each PC. And believe it or
not they don't use images, so each box was also loaded manually. I asked the
same questions about anything new, new software, any type of changes in any
way, any user admitting they opened any strange emails and was told no,
nothing has changed and no one admits to any strange emails. I've never seen
anything like this before with no apparent virus/spyware/worm footprint to be
found.
Thanks,
Bob

"Ephod" wrote:

> Was SP2 installed just before these problems started? Have they installed
> any other updates or programs? If this started just after SP2, uninstall it
> just to see if this is the cause. Any chance that all of these PCs were
> built using the same software image?
>
> "Bob C" wrote:
>
> > Thank you Janice for replying. I've tried the solutions mentioned in that
> > post. The registry does not contain any of those entries. I agree, I too
> > think this is some kind of worm...I just can't find it! One other thing I
> > forgot to mention...the PC also exhibits the same behavior in safe mode.
> > Thanks,
> > Bob C.
> >
> > "janice" wrote:
> >
> > > Take a look here
> > > http://forum.iamnotageek.com/showthread.php?t=75781&goto=nextnewest. Sounds
> > > like they've been infected with a worm.
> >
> > >
> > >

 

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

With all the symptoms you have listed it sounds like the administrative
profile may be corrupted. I found an article that explains how to remove the
built in administrative account and have it recreated. It applies to Win2k
and may not be an exact match, but it might point you in the right direction.
I'll keep looking to see if one exists for WinXP.

"Bob C." wrote:

> Hi Ephod and thanks for taking the time to reply. I'm told by the company's
> tech that sp2 was loaded on all PC's, not just these 11, a very short time
> after it's release. It was installed manually on each PC. And believe it or
> not they don't use images, so each box was also loaded manually. I asked the
> same questions about anything new, new software, any type of changes in any
> way, any user admitting they opened any strange emails and was told no,
> nothing has changed and no one admits to any strange emails. I've never seen
> anything like this before with no apparent virus/spyware/worm footprint to be
> found.
> Thanks,
> Bob
>
> "Ephod" wrote:
>
> > Was SP2 installed just before these problems started? Have they installed
> > any other updates or programs? If this started just after SP2, uninstall it
> > just to see if this is the cause. Any chance that all of these PCs were
> > built using the same software image?
> >
> > "Bob C" wrote:
> >
> > > Thank you Janice for replying. I've tried the solutions mentioned in that
> > > post. The registry does not contain any of those entries. I agree, I too
> > > think this is some kind of worm...I just can't find it! One other thing I
> > > forgot to mention...the PC also exhibits the same behavior in safe mode.
> > > Thanks,
> > > Bob C.
> > >
> > > "janice" wrote:
> > >
> > > > Take a look here
> > > > http://forum.iamnotageek.com/showthread.php?t=75781&goto=nextnewest. Sounds
> > > > like they've been infected with a worm.
> > >
> > > >
> > > >

 

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

There is one other thing you could try, go to a good machine at this company
and go to c:\windows\system32\config and copy the systemprofile folder. Go
to a bad PC (after backing it up) copy this folder to the same location,
reboot and give it a shot. You may need to boot to a third party utility
(like ERD Commander or winPE)to copy these files since you don't seem to have
administrative rights. Hope all this helps.

"Ephod" wrote:

> With all the symptoms you have listed it sounds like the administrative
> profile may be corrupted. I found an article that explains how to remove the
> built in administrative account and have it recreated. It applies to Win2k
> and may not be an exact match, but it might point you in the right direction.
> I'll keep looking to see if one exists for WinXP.
>
> "Bob C." wrote:
>
> > Hi Ephod and thanks for taking the time to reply. I'm told by the company's
> > tech that sp2 was loaded on all PC's, not just these 11, a very short time
> > after it's release. It was installed manually on each PC. And believe it or
> > not they don't use images, so each box was also loaded manually. I asked the
> > same questions about anything new, new software, any type of changes in any
> > way, any user admitting they opened any strange emails and was told no,
> > nothing has changed and no one admits to any strange emails. I've never seen
> > anything like this before with no apparent virus/spyware/worm footprint to be
> > found.
> > Thanks,
> > Bob
> >
> > "Ephod" wrote:
> >
> > > Was SP2 installed just before these problems started? Have they installed
> > > any other updates or programs? If this started just after SP2, uninstall it
> > > just to see if this is the cause. Any chance that all of these PCs were
> > > built using the same software image?
> > >
> > > "Bob C" wrote:
> > >
> > > > Thank you Janice for replying. I've tried the solutions mentioned in that
> > > > post. The registry does not contain any of those entries. I agree, I too
> > > > think this is some kind of worm...I just can't find it! One other thing I
> > > > forgot to mention...the PC also exhibits the same behavior in safe mode.
> > > > Thanks,
> > > > Bob C.
> > > >
> > > > "janice" wrote:
> > > >
> > > > > Take a look here
> > > > > http://forum.iamnotageek.com/showthread.php?t=75781&goto=nextnewest. Sounds
> > > > > like they've been infected with a worm.
> > > >
> > > > >
> > > > >