After logging in to a user on Vista SP2, all I have is a screen of my wallpaper. Using ctrl+shift+esc brings up the task manager just fine and I can run a few programs from the "New Task" button. However, if I try to run explorer.exe, you can see it start up in the "Processes" tab of Task Manager, and then it just disappears after a second or two.
What I've tried:
I checked in the HKLMSoftwareMicrosoftWindowsNTCurrentVersionWinlogon location and Shell correctly has the value of "explorer.exe"
Creating a new user doesn't seem to work. I can log in as the hidden Administrator account just fine, but any other user get the crashing explorer.exe.
If I boot into Safe Mode I can log in to any user just fine.
I have run multiple virus/spyware/malware/adware scans including Avira, Norton, Spybot S&D, Ad-Aware, and MalwareBytes, all in Safe Mode, and I'm clean
My mom asked me to fix this computer for her because it had a nasty virus that did a bunch of other things, including not allowing an update to Vista SP2. I fixed all of that and got the update to work, and everything now is virus free.
Part of getting SP2 to install was running this script:
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f
And that seemed to work to install SP2.
Other Info that may be related or unrelated:
I've tried installing the newest windows update for the malicious removal tool. Windows update will say that it installed successfully but will later continue asking me to download and install it. When checking c:windowssystem32mrt.exe, I noticed that I can't delete it. It says that I don't have permission to do so.
It also appears that I can't use task manager to force-quit applications. Again, it says that I don't have permission. Because of this, I've tried disabling UAC. Security Center shows that it is ENABLED, but when I go into control panel to UNCHECK the box so that I can DISABLE it, the box is already unchecked. Confusing, I know.
Anyway, any help would be greatly appreciated. Thanks!
Here's the ComboFix and HijackThis logs, too.
And yes, I know I wasn't supposed to run ComboFix.
Edited by garmanma, 21 December 2009 - 09:14 PM.