XP missing start menu programs and can't run any programs


I'm working on a friend's computer, and like the topic says all the start menu items are gone, at least those to the left side of it.  In addition I can't run any programs at all on it.  I have tried to run mbam.exe from the command line after opening the task manager and hitting ctrl and new task, and while mbam will show up in the processes there is no window open showing what it is doing.  Any ideas what I can do here?  This is an OLD Dell rig running XP Home.

 

thanks

atrdriver

 

 


For what it's worth I pulled the HD and put it in my computer, ran malwarebytes and an avast scan and nothing was detected.  I have finally got mbam to run in chameleon mode, which it is doing right now.  I'll report what it says if it ever finishes.  It is trying to update right now.


  • Root Admin

Please stop self medicating the computer.  Put it back in regular computer and log back in as the normal user.  If it's not too late we might be able to get the files back.  If one of the other tools has attempted to fix this or some clean up work you've done then we may not be able to fix it.

 

Once back in the other computer then run this tool on it.

 

http://www.bleepingcomputer.com/download/unhide/

 

Then let us know if that restored files or not and we'll continue from there.


Sorry, I wasn't aware that running a malware and virus scan was self medicating.  I was unable to run either through the system itself.  Either way, I ran the unhide tool and the log is attached.  One thing I noticed when trying to find the log file and copy it to a thumb drive so I could upload it, the dir it was in was c:\Documents and Settings\<user name>\TEMP\desktop.  Also, when I get a CMD window open by opening task manager and then holding ctrl while hitting new task, it opens to c:\Documents and Settings\<user name>\TEMP\

 

The log file is attached, the files are still not there, explorer shows close to 100% proc utilization, and I still can't open any programs.

 

unhide.txt


  • Root Admin

Unfortunately this is an odd one and many tools don't address it at all.

 

Please see the following topic and see if you can use it to recover the shortcuts or not.

 

http://www.bleepingcomputer.com/forums/topic405109.html

 

If the files are there but you cannot use the computer due to an ongoing infection then see if you can copy the entire TEMP folder there to a USB drive then disconnect it and then we can look at cleaning it and manually recovering after the infection is removed.

Right now I am more worried that I am unable to open ANY programs on this machine.  I can manually repopulate the start menu if necessary, but not being able to even open "my computer" isn't an easy thing to deal with.  Any ideas on this?  Should I run malwarebytes in chameleon mode?


  • Root Admin

Okay, go ahead then and run this.  It too is smart about that infection so if possible it can recover them too.

Be patient letting it run as it can take a lot longer than the 10 minutes it says on some computers.
 
Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Ok I will run this in the morning and post the results. So far I have been unable to run any program at all, in either normal or safe mode, unless I start it from the task manager. I believe I can copy the file to the desktop however using the cmd window, as my computer will not open. I will post back results as early tomorrow as I can.

Thanks...


OK, ran Combofix this morning.  The first time I ran it the machine rebooted and left no log files.  I started it a second time, and at some point a dialog popped up saying the PEV.exe had stopped responding and to save my work, although the scan continued to run.  Once during install and twice during the scan an EULA box popped up from SYSINTERNALS, I don't know if that is normal.  The one during the scan popped up at about step 47, and then went away on its own.  The logfile from the second run is attached.

 

combofix-log.txt


The log looks good in that it was able to remove quite a bit.  Are you able to logon now in either Safe or Normal mode?

I left it alone after running it, not wanting to screw anything up. I'll check in a couple of hours when I get home. Did it look like it might have made it so programs can run?


OK, looks like I can finally open programs on it, and I am able to access "my Computer".  What I have noticed is that the profile that is active here is being stored in the "c:\documents and settings\TEMP" folder, but under the correct name.  Her actual profile files are located in a folder under her name, which still has all the start menu items and all her documents in it.  Is there an easy way to change things back to where her named profile directs to the correct directory under Documents and Settings?

 

Thanks


  • Root Admin

I'm sure we can fix it but I'll need to look up some keys and send you some information a bit later tonight.

In the meantime please run the following for me.

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply as an attachment: DDS.txt and Attach.txt
  • You can ignore the note about zipping the Attach.txt file and just post it or attach it.

 

 

 

Next, Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

Thanks

 


  • Root Admin

Well not being able to stop your antivirus or get into it is not a good thing.  Let's try removing it and we'll reinstall it or something else if needed later on.

 

avg_remover_stf_x86_2014_4116.exe

 

Once that is removed please run Combofix one more time and post back the new log.


  • Root Admin

If you know how then it would certainly be a much cleaner, safer, faster running OS.  Most users either can't or don't know how or don't want to rebuild but if you know how that is certainly a good option. 

 

Ensure that ALL the user's data is backed up to an external drive and then FDISK, FORMAT, Re-install Windows.  Install drivers and Service Packs and get antivirus installed quickly (I've seen users get infected within an hour of being online - not sure how they managed that).

 

Up to you but let me know either way and if you need further assistance I'll try to help you out.


This topic is now closed to further replies.