Windows XP boot problem, virus?


I have a Windows 2003 Network.  2 Servers, one is SBS Win 2003 and other is a file server / terminal server Win 2003.  I have about 15 workstations, a mix of Win XP and Win 2000.

One of my Win XP machines is giving me problems this morning, I'm scratching my head a bit and don't know how I should attack the problem.  This is where I'm at........

User comes in this morning and boots up her computer.  From what I understand everything at first boot up went fine.......except when boot up was finished she had an error telling her that "Norton Antivirus has errors and needed to but shut you want to send this info Microsoft".  From this point I'm involved.  I see this error sometimes.......usually not a big deal, so first thing I tried was a reboot.  Upon reboot the computer hangs at "Applying Computer Settings".  Interesting......So, I did a little research and found that people get around this by unplugging the network cable.  So I did that, and reboot again.......this time I get past "Applying Computer Settings" and now I get the chance to enter my login information.  So I enter login info (administrator) and now I'm hanging at "Loading Your Personal Settings".   So I tried booting in Safe Mode........and it worked......I was able to get to the desktop.......So I tried to run Norton Virus Scan.  I open Norton, and I go to the scan section, I hit the scan button, and nothing happens........Norton just hangs.

So this is where I'm at.......I suspect this to be a virus, but I can't get a scan to run to find out.  I should tell you that I had this computer taken apart last week for a cleaning, and I pulled the heatsink off and reattached with some Artic Silver.  The computer ran good for 3 days (better than it was before I took it apart).  And I ran a load on the processor when I was in safe mode and it seemed to be running fine.  So I don't think this is the problem, but I've been wrong before.   :-)

Anyone have any ideas?

Who is Participating?
DoTheDEW335Connect With a Mentor Commented:
Just a few questions:
1) Did you try uninstalling Norton AV in safe mode? (If it's damaged or corrupt it isn't doing you any good at this point and uninstalling/reinstalling may help
2) How long did you wait at the Loading "Your Personal Settings" screen?
3) Did you check the event viewer in System and Applications and look for any specifics that could help
4) Have you scanned the HDD for bad sectors?

I use #3 alot to look for problems.
Hi Bryce,
I had something similar start on a computer Friday morning, but mine ended up being a corrupted HDD.

Can you remove that HDD, slave it off another computer (with updated DAT files) and scan it from there?

Depending on the layout of your computers, that may be the simplest way to eliminate/confirm malware.

strick9Author Commented:

Thanx for the reply.......that does make sense......I just wish there was something easier I could try first.   I'll have to wait until tomorrow morning to try this.  I have another computer that was ordered from Dell at the same time and is the exact same model / setup.   So, I will try it there.
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

strick9Author Commented:

I decided to go ahead and take this thing apart now.......maybe you can help me further.  These computers have SATA ATA drives......and I'm used to the old ribbon cable setup.  There is only one spot to plug in a SATA cable on the motherboard.  Do they make a cable with 3 connectors on it?  Like you use to see with the old ribbon cable setup?  How would I connect 2 hard drives to this one motherboard.

I think I need to get a new A+ cert.   :-)

Sorry about the delay - I had to make a service call.
If you tell me the exact model of the 'good' computer, I can probably find a diagram of the second SATA connection on the motherboard. You should be able to plug the bad SATA HDD right into a turned off good computer, then boot up.

Also - I now have three of these ( to carry with me on all Service Calls.

They let you connect SATA and IDE (3.5 or 2.5 inch) HDD's via USB cable to a functioning computer.
strick9Author Commented:
Vic, the two computers are Dell Optiplex model GX520.

I did swap hard drives and the "bad" hard drive had the same problem in the "good" computer.  Also the "good" hard drive worked in the "bad" computer.
strick9Author Commented:
After doing a little research, I'm pretty sure there is only one SATA port on this fact I have 4 of these machines and all of them are the same model.  And they are the only ones that support SATA I guess my only other option is to buy that nifty tool you posted earlier.

Is a reputable site?  Can I buy from there?
I bought two of those from buyextras and one from
Both sites delivered quickly, about the same price, but slightly different devices.

The buyextras device is (imo) better and I read about them here on EE.

If you wanted to get something local - you could also try a "USB SATA Enclosure" from your neighborhood Giant Computer Store.

strick9Author Commented:

Good questions.......lemme see.....
1)No.  I've had bad experiences trying to install things in safe mode.  If I can't get this hard drive in another computer in order to scan it for a Virus, I will try that.
2)more than 20 minutes
3)No.  Duh!  I will post that next.
4)No.  I think I'm doing that now, not sure if it's working though, doesn't show me any progress.
strick9Author Commented:
4 errors have shown up.  They are as follows:

Windows cannot access the file C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071118.016\CCERASER.DLL for one of the following reasons:  there is a problem with the network connection, the disk that the file is stored on, or the storage  drivers installed on this computer; or the disk is missing.  Windows closed the program Symantec Eraser Engine because of this error.
Program: Symantec Eraser Engine
The error value is listed in the Additional Data section.
User Action
1. Open the file again.  This situation might be a temporary problem that corrects itself when the program runs again.
2.  If the file still cannot be accessed and
      - It is on the network,  your network administrator should verify that there is not a problem with the network and that the server can be contacted.
      - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for  further assistance.
Additional Data
Error value: C000009C
Disk type: 3
For more information, see Help and Support Center at


Faulting application Rtvscan.exe, version, faulting module CCERASER.DLL, version, fault address 0x000a9f21.
For more information, see Help and Support Center at


wuauclt (980) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at


wuaueng.dll (980) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
For more information, see Help and Support Center at
strick9Author Commented:
Good news!

The ScanDisk must of found something and fixed it.  I didn't get to see it happen, but one minute it was running scandisk and the next minute it was booting up normally.  Only one problem though.......after I enter my login information it took like 3 or 4 minutes for the desktop to load completely.  This is much longer than normal.

Is it possible that some of these files are residing on faulty sectors?  How could I make that determination?
strick9Author Commented:
Nevermind.......second boot up went much smoother.  I think we are back in business.

Vic, thank you so much for your help, but I must give DEW the points as it was his suggestion to run ScanDisk.

Thank you both.
Sounds as though you had the same problem I did.
Which is why I mentioned "corrupted HDD." in my very first post.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.