Customer brings me a PC that generates a few errors, and won’t display the start bar.
I can get around that with Ctrl-Alt-Del, and then running explorer from Task Manager, but it quickly starts looking like another spyware infection (PC only has AVG free protection).
So I take out the HDD (and note that the case and power supply are very rusty, while the CPU fan has “solid” dust that needs to be scraped off).
I scan the HDD, and get Avira and Defender to remove whatever they can find (WinFixer, SAP (service advertising protocol), WhenUSave).
But after putting the HDD back into the PC, I still get a startup error: userinit.exe application error. The application failed to initialize properly (error 0xc0000005). And the task bar still won’t show, and virtually no control panel apps will start, as well as no CMD prompt.
At least I can run regedit and a few other apps.
I try safe mode, but I get the same errors and problems.
Using HijackThis, I notice an O20 entry: __c0040e71.dat
It doesn’t look right. And when I use HJT to remove it, it reappears after the next reboot.
OK then, remove the O20 using HJT, then restart into BartPE.
Then use BartPE to rename the file.
After that, the PC finally starts correctly.
I’m starting to get annoyed at all this new malware that isn’t detectable by any antivirus/antispyware software.
I don’t really want to go down the path of using more than 2 scanners on each infected PC.
I guess it's always possible to find a new infection that the security companies don’t know about (yet).
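
The O20 check from the post, as an added example that is not part of the original post: HijackThis lists AppInit_DLLs and Winlogon Notify modules under O20, and this sketch pulls those lines out of a saved log and flags any module that does not look like a DLL in system32. The sample log is constructed, and the two flagging rules are an assumed triage heuristic, not a malware verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed log excerpt. Only the file name __c0040e71.dat is from the post;
# its folder, its Notify key name and the other two lines are assumptions.
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: C:\WINDOWS\system32\example.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: __c0040e71 - C:\WINDOWS\system32\__c0040e71.dat
"""

O20_LINE = re.compile(r"^O20 - (AppInit_DLLs|Winlogon Notify): ?(.*)$", re.M)


def o20_entries(log):
    """Return (kind, file) for every module named on an O20 line."""
    entries = []
    for kind, value in O20_LINE.findall(log):
        if kind == "Winlogon Notify":
            # Line format: "<Notify subkey> - <file it loads>"
            files = [value.partition(" - ")[2]]
        else:
            # AppInit_DLLs is a space- or comma-separated list
            files = re.split(r"[ ,]+", value)
        entries += [(kind, f.strip()) for f in files if f.strip()]
    return entries


def review(log):
    """Flag O20 modules that do not look like a DLL in system32 (heuristic)."""
    findings = []
    for kind, name in o20_entries(log):
        path = PureWindowsPath(name)
        reasons = []
        if path.suffix.lower() != ".dll":
            reasons.append("extension %r is not .dll" % path.suffix)
        if path.is_absolute() and "system32" not in [p.lower() for p in path.parts]:
            reasons.append("loaded from outside system32")
        if reasons:
            findings.append((kind, name, reasons))
    return findings


if __name__ == "__main__":
    for kind, name, reasons in review(SAMPLE_LOG):
        print("%s: %s (%s)" % (kind, name, "; ".join(reasons)))
```

Running the same check on a log taken after the next reboot shows whether a removed O20 entry has come back.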