Computer Security & Viruses/Computer changed upon booting up
Expert: Brian Benosky - 2/7/2008
QUESTION: The other day I was trying to play a new video game on my computer and it wasn't working, so I tried to install new video drivers for my NVIDIA graphics and I think I did it correctly. I then rebooted and everything was normal, but the game still didn't work. After I was done using the computer for that session, I shut it down. Later, I turned it back on and I was like OMG What happened!!!! The Start Menu/Bottom bar went from the normal XP blue to the ugly Classic look. I went to change it by going to right click on the desktop and go to Properties->Appearance, but the only choice there is now WINDOWS CLASSIC, no other choices. So I decided to load up the internet, but Firefox said "No connection found" so I went to Network Connections and there is NOTHING THERE. It tries to give me a message saying something along the lines of "Microsoft ICS is not installed." By this time I was totally freaking out. I rebooted again in safe mode just because I was worried, and I ran Spybot S&D, and my Symantec Antivirus program, the Spybot found a few problems, and Antivirus found two things that it said it had controlled. I then rebooted not in safe mode and ran both programs, this time coming up clean.
I have no clue why this happened, or what to do to fix it. I'm afraid to try to install my network card drivers in case it's some sort of virus that will spread to this and other computers in my house. I ran HiJackThis (on recommendation by this site) which was already on my system, but I don't know if it's safe to put in a USB flash drive or something to copy the file over to this computer to post. Could this be a virus, or something that went wrong with installing the new video drivers, or something worse? I am really at a loss right now and would appreciate your help.
ANSWER: Hi Scott
I'll try to help you out here. Go to Start => Run and type in "regedit" {without the quotes}
Navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
In the right-hand pane, right-click on NoSimpleStartMenu and Modify its Value to decimal 0 [dword:00000000]
Logoff and logon again (or restart) for the changes to take effect.
*or*
If unable to find the above, go to
http://www.kellys-korner-xp.com/xp_tweaks.htm
Scroll down to #271 and run the registry tweak.
As for your ICS error, try this:
To install ICS:
1. Click Start, point to Settings, click Control Panel, and then double-click Add/Remove Programs.
2. Click Internet Tools on the Windows Setup tab, and then click Details.
3. Click to select the Internet Connection Sharing check box, click OK, and then click OK again.
4. Follow the instructions to run the ICS wizard.
If you are unable to get an internet connection after that, try some of the suggestions here:
http://support.microsoft.com/kb/238135
Next, when you can reconnect, make sure your HJT is the latest version, 2.0.2...if not, please download from the following link:
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
* Save HJTInstall.exe to your desktop.
* Double-click on the HJTInstall.exe icon on your desktop.
* By default it will install to C:\Program Files\Trend Micro\HijackThis.
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch Hijackthis.
* Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
* Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log in a follow-up here.
Brian
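The registry step in the answer above, as an added PowerShell example that is not part of the original answer: it reports whether NoSimpleStartMenu exists under the named key, lists what is there when it does not, and backs the key up before setting the value to 0. It assumes PowerShell is available on the machine; the backup file name is made up for the example.

```powershell
# Added example (not from the original answer): inspect and reset NoSimpleStartMenu.
# Key path and value name are the ones given in the answer; the backup file is hypothetical.
$regPath = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$key     = "Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
$name    = 'NoSimpleStartMenu'
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup  = Join-Path $env:TEMP "Policies-Explorer-$stamp.reg"   # timestamped so nothing is overwritten

if (-not (Test-Path $key)) {
    # No Policies\Explorer key for this user, so the value cannot be the cause.
    Write-Output "Key not present: $regPath"
}
else {
    $props = Get-ItemProperty -Path $key
    $value = $props.PSObject.Properties[$name]

    if ($null -eq $value) {
        # The value is missing: report what is set so it can be reviewed.
        Write-Output "$name is not set under $regPath. Values present:"
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |      # skip provider metadata (PSPath, PSDrive, ...)
            ForEach-Object { '  {0} = {1}' -f $_.Name, $_.Value }
    }
    elseif ($value.Value -eq 0) {
        Write-Output "$name is already 0; no change needed."
    }
    else {
        # Export the key first so the previous state can be restored by importing the .reg file.
        reg.exe export $regPath $backup | Out-Null
        Set-ItemProperty -Path $key -Name $name -Value 0 -Type DWord
        Write-Output "$name changed from $($value.Value) to 0 (backup: $backup)."
        Write-Output "Log off and log on again for the change to take effect."
    }
}
```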
---------- FOLLOW-UP ----------
QUESTION: Okay, I received your response and tried to perform the tasks you outlined. I
went to the registry and to the spot you named, but there was no value of
NoSimpleStartMenu. So I couldn't modify it to 0 like you said. Then I went to
the website you linked (on this computer) and saved the file #271 to a USB
flash drive. Then I went and put it in the bad computer but it can't even find
the flash drive. So then I tried the ICS tip you gave me. I went to
Add/Remove Programs and picked an option on the left side called
Add/Remove Windows Components, that was the closest in name to the
steps you gave. I couldn't find anything about ICS there, though. Also I tried
to put new HJT on that comp by USB with no success, so the HJT results thing
I have on there I also cannot send to this computer to get to you.
Also I discovered some other problems. I went to Device Manager, and there
is NOTHING AT ALL THERE. I was like WHOA, because there should be things
there right? I also went right clicked on the desktop to go to the display
window where you choose like resolution etc. and went to Advanced, where it
says something along the lines of NO VIDEO CARD FOUND or something like
that. Is my problem probably a virus or something else or can you even help
me or what should I do next.
Thank you for responding once, I would appreciate another nice response!
ANSWER: Hi Scott
I'm sorry that you are having so much trouble. At this point, my only suggestion to get the computer back to a working state is by doing a complete reinstall of Windows, or, at the very least, a repair install. It would depend on if there is data on the computer that you can't lose. If everything can be replaced, then by all means load your Windows disc in and boot up to reinstall. If you have files or folders that are irreplaceable, then try a repair install. There is a complete guide available here:
http://www.michaelstevenstech.com/XPrepairinstall.htm
If you do attempt a repair, know that whatever virus you have will still be there afterwards. Immediately after repairing, boot to Safe Mode with Networking, go to the following link and run a scan:
http://www.eset.com/onlinescan/
After that, run a HJT so we can attempt to find out what we are dealing with. Good luck.
Brian
---------- FOLLOW-UP ----------
QUESTION: Okay, I feared I would have to do something like this from the beginning. I am relieved that I can do this "Repair" instead of totally reinstalling XP, as there are several quite expensive programs on my machine which I no longer have the CD for to reinstall. From reading around on the site you linked me, I am recommended to back up my data. If my CD burner drive is ABLE to write CDs still (I haven't checked) I assume it'd be best for me to backup some things onto CDs?
Also, I see I'm supposed to boot to safe mode with networking after doing this repair install. I want to clarify something. Is there any danger of whatever is on that machine somehow interacting with the other computers in my home network and infecting them? Would it be best to maybe UNPLUG them from the network just in case, during this time? Also, I use a wireless internet card on that computer, should I attempt to install the wireless card drivers after the Repair install (Otherwise I don't know if I can connect to the internet)? Or would it be better to use the regular ethernet port (I think one came standard with it, would that not need extra drivers installed?)
Man, you're a total lifesaver here so far. I hope this works and thank you for all the responses so far. I'm just a bit nervous about this step because of the possibility of data loss. Have you ever performed the actions on this site or successfully helped someone do so?
ANSWER: Hi Scott
Yes, I have performed a repair install several times. I only recommend it as a last resort. In your case, there is nothing else you can do, since your system files have become so corrupted. Yes, if possible, transfer as many files as you can to CD. After that, run a scan on the CD from a clean computer to make sure you won't be re-infecting the repaired computer. Once the repair procedure is complete, you will want to use Safe Mode until you are sure that the virus is gone. I would use the ethernet port to connect online (those drivers are installed with Windows). Unplug your other computers from the internet while you are working on that computer. After the virus is gone, you should boot normally, then install all Windows Updates (including SP2). If you want, you can e-mail me at numbersix6@yahoo.com if you run into further questions.
Brian