Hello People

This is my friends computer - again. It seems she really got it messed up.

Also some programs missing from the start menu also, like system restore. I
was able to access system restore from the help and support, went back about
a month, but the icons did not come back.
Some minor spyware and adware infections were found.

Also, in msconfig I can't turn off some startup items. After I uncheck them
they keep coming back. They are:

ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).

Is there any way to get back her icons - I'm not even sure what she had
exactly -? Or are they gone forever?

Thank you.

In news:e3sPxWN$(E-Mail Removed),
Sirius <nospam22-(E-Mail Removed)> typed:
> Hello People
>
> This is my friends computer - again. It seems she really
> got it messed up.
> Also some programs missing from the start menu also, like
> system restore. I was able to access system restore from
> the help and support, went back about a month, but the
> icons did not come back. Some minor spyware and adware infections were
> found.
>
> Also, in msconfig I can't turn off some startup items.
> After I uncheck them they keep coming back. They are:
>
> ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).
>
> Is there any way to get back her icons - I'm not even sure
> what she had exactly -? Or are they gone forever?
>
> Thank you.

Wow: Your post shows evidence that you are not prepared to take care of this
problem. A much faster and better fix will be to restore the disk from
backup. If it's not backed up, it should be, even if just for such a
situation as this so it's faster than manually restoring the OS.

If you didn't make backups for her, or taught her to do them, then
reinstalling the OS from scratch is all that's left to you.

BTW ntuser has to run or the system won't.

HTH,

Twayne`

What evidence shows that I am not prepared to take care of this?
I can follow complicated instructions. Can someone tell what exactly
happened here and why system restore did not work? Is this like a hard drive
crash? How about repair install? Would that work?
I can slave the drive if I have to.

No, she did not do backups, even though I kept telling her, she did not
listen.

"Twayne" <(E-Mail Removed)> wrote in message
news:enJ24CO$(E-Mail Removed)...
> In news:e3sPxWN$(E-Mail Removed),
> Sirius <nospam22-(E-Mail Removed)> typed:
>> Hello People
>>
>> This is my friends computer - again. It seems she really
>> got it messed up.
>> Also some programs missing from the start menu also, like
>> system restore. I was able to access system restore from
>> the help and support, went back about a month, but the
>> icons did not come back. Some minor spyware and adware infections were
>> found.
>>
>> Also, in msconfig I can't turn off some startup items.
>> After I uncheck them they keep coming back. They are:
>>
>> ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).
>>
>> Is there any way to get back her icons - I'm not even sure
>> what she had exactly -? Or are they gone forever?
>>
>> Thank you.
>
> Wow: Your post shows evidence that you are not prepared to take care of
> this problem. A much faster and better fix will be to restore the disk
> from backup. If it's not backed up, it should be, even if just for such a
> situation as this so it's faster than manually restoring the OS.
>
> If you didn't make backups for her, or taught her to do them, then
> reinstalling the OS from scratch is all that's left to you.
>
> BTW ntuser has to run or the system won't.
>
> HTH,
>
> Twayne`
>
>

sometimes when the desktop
fails to load,

it is a sign of a problem with
the registry hive.

you might try opening the
task manager and killing all
instances of explorer.exe

then launch a new instance
of explorer.exe

however, given that you are
also unable to amend the
startups in msconfig,

the issues above may be
indicative of a serious problem
with the registry hive

the registry hive, like any file
on the disk can become un-
indexed by the mft.

there is also a possibility that
a program has locked up the
registry to keep it from being
modified.

the above can be caused by
malware or some anti viral
program that was intentionally
installed.

because there are several
methods to address the issue
or issues above,

my first suggestion is to
simply boot into safe
mode.

in there you can see if
performance is better than
in normal mode.

in there you can use system
restore and see if there is a
functional point to execute.

in there you can amend the
startups and services via
msconfig;

disabling all startups and
non microsoft services.

--
--
db·´¯`·...¸><)))º>

DatabaseBen, Retired Professional

~~~~~~~~~~~~~~~
This NNTP newsgroup is evolving to:

http://answers.microsoft.com/en-us/default.aspx


"Sirius" <nospam22-(E-Mail Removed)> wrote in message
news:e3sPxWN$(E-Mail Removed)...
> Hello People
>
> This is my friends computer - again. It seems she really got it messed up.
>
> Also some programs missing from the start menu also, like system restore.
> I was able to access system restore from the help and support, went back
> about a month, but the icons did not come back.
> Some minor spyware and adware infections were found.
>
> Also, in msconfig I can't turn off some startup items. After I uncheck
> them they keep coming back. They are:
>
> ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).
>
> Is there any way to get back her icons - I'm not even sure what she had
> exactly -? Or are they gone forever?
>
> Thank you.
>

We have no idea as to what extent this PC is compromised by malware.

The first thing to do is copy all the data to an external hard drive. If
you need to slave the hard drive to your PC to accomplish this, then do
so.

Once you have copied the data and the drive is still slaved to your PC,
scan for malware, using this page as a guide:

http://www.elephantboycomputers.com/...moving_Malware

If you think that scanning for malware might take a very long time (and
sometimes it does, depending on the situation) or if you determine there
is too much malware on it, you should perform a Clean Install of the OS.

Once you are convinced everything is as it should be, do yourself a
favor (that is, if you intend on helping your friend in the future the
next time she screws things up): make an image of the hard drive so that
disaster recovery will be relatively simple.


Sirius wrote:
> What evidence shows that I am not prepared to take care of this?
> I can follow complicated instructions. Can someone tell what exactly
> happened here and why system restore did not work? Is this like a
> hard drive crash? How about repair install? Would that work?
> I can slave the drive if I have to.
>
> No, she did not do backups, even though I kept telling her, she did
> not listen.
>
> "Twayne" <(E-Mail Removed)> wrote in message
> news:enJ24CO$(E-Mail Removed)...
>> In news:e3sPxWN$(E-Mail Removed),
>> Sirius <nospam22-(E-Mail Removed)> typed:
>>> Hello People
>>>
>>> This is my friends computer - again. It seems she really
>>> got it messed up.
>>> Also some programs missing from the start menu also, like
>>> system restore. I was able to access system restore from
>>> the help and support, went back about a month, but the
>>> icons did not come back. Some minor spyware and adware infections
>>> were found.
>>>
>>> Also, in msconfig I can't turn off some startup items.
>>> After I uncheck them they keep coming back. They are:
>>>
>>> ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).
>>>
>>> Is there any way to get back her icons - I'm not even sure
>>> what she had exactly -? Or are they gone forever?
>>>
>>> Thank you.
>>
>> Wow: Your post shows evidence that you are not prepared to take care
>> of this problem. A much faster and better fix will be to restore the
>> disk from backup. If it's not backed up, it should be, even if just
>> for such a situation as this so it's faster than manually restoring
>> the OS. If you didn't make backups for her, or taught her to do them,
>> then
>> reinstalling the OS from scratch is all that's left to you.
>>
>> BTW ntuser has to run or the system won't.
>>
>> HTH,
>>
>> Twayne`

It's happening in safe mode also.
Is there a way to manually extract a copy of the registry from a restore
point?

"Db" <databaseb~@hotmail.com> wrote in message
news:C1615B6A-FD0F-408B-ACAE-(E-Mail Removed)...
> sometimes when the desktop
> fails to load,
>
> it is a sign of a problem with
> the registry hive.
>
> you might try opening the
> task manager and killing all
> instances of explorer.exe
>
> then launch a new instance
> of explorer.exe
>
> however, given that you are
> also unable to amend the
> startups in msconfig,
>
> the issues above may be
> indicative of a serious problem
> with the registry hive
>
> the registry hive, like any file
> on the disk can become un-
> indexed by the mft.
>
> there is also a possibility that
> a program has locked up the
> registry to keep it from being
> modified.
>
> the above can be caused by
> malware or some anti viral
> program that was intentionally
> installed.
>
> because there are several
> methods to address the issue
> or issues above,
>
> my first suggestion is to
> simply boot into safe
> mode.
>
> in there you can see if
> performance is better than
> in normal mode.
>
> in there you can use system
> restore and see if there is a
> functional point to execute.
>
> in there you can amend the
> startups and services via
> msconfig;
>
> disabling all startups and
> non microsoft services.
>
> --
> --
> db·´¯`·...¸><)))º>
>
> DatabaseBen, Retired Professional
>
> ~~~~~~~~~~~~~~~
> This NNTP newsgroup is evolving to:
>
> http://answers.microsoft.com/en-us/default.aspx
>
>
> "Sirius" <nospam22-(E-Mail Removed)> wrote in message
> news:e3sPxWN$(E-Mail Removed)...
>> Hello People
>>
>> This is my friends computer - again. It seems she really got it messed
>> up.
>>
>> Also some programs missing from the start menu also, like system restore.
>> I was able to access system restore from the help and support, went back
>> about a month, but the icons did not come back.
>> Some minor spyware and adware infections were found.
>>
>> Also, in msconfig I can't turn off some startup items. After I uncheck
>> them they keep coming back. They are:
>>
>> ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).
>>
>> Is there any way to get back her icons - I'm not even sure what she had
>> exactly -? Or are they gone forever?
>>
>> Thank you.
>>

This would be a waste of your time. There are probably issues with the
registry, so even if you could "extract a copy" of it, you wouldn't want
it. Address the issue of malware!

Sirius wrote:
> It's happening in safe mode also.
> Is there a way to manually extract a copy of the registry from a
> restore point?
>
> "Db" <databaseb~@hotmail.com> wrote in message
> news:C1615B6A-FD0F-408B-ACAE-(E-Mail Removed)...
>> sometimes when the desktop
>> fails to load,
>>
>> it is a sign of a problem with
>> the registry hive.
>>
>> you might try opening the
>> task manager and killing all
>> instances of explorer.exe
>>
>> then launch a new instance
>> of explorer.exe
>>
>> however, given that you are
>> also unable to amend the
>> startups in msconfig,
>>
>> the issues above may be
>> indicative of a serious problem
>> with the registry hive
>>
>> the registry hive, like any file
>> on the disk can become un-
>> indexed by the mft.
>>
>> there is also a possibility that
>> a program has locked up the
>> registry to keep it from being
>> modified.
>>
>> the above can be caused by
>> malware or some anti viral
>> program that was intentionally
>> installed.
>>
>> because there are several
>> methods to address the issue
>> or issues above,
>>
>> my first suggestion is to
>> simply boot into safe
>> mode.
>>
>> in there you can see if
>> performance is better than
>> in normal mode.
>>
>> in there you can use system
>> restore and see if there is a
>> functional point to execute.
>>
>> in there you can amend the
>> startups and services via
>> msconfig;
>>
>> disabling all startups and
>> non microsoft services.
>>
>> --
>> --
>> db·´¯`·...¸><)))º>
>>
>> DatabaseBen, Retired Professional
>>
>> ~~~~~~~~~~~~~~~
>> This NNTP newsgroup is evolving to:
>>
>> http://answers.microsoft.com/en-us/default.aspx
>>
>>
>> "Sirius" <nospam22-(E-Mail Removed)> wrote in message
>> news:e3sPxWN$(E-Mail Removed)...
>>> Hello People
>>>
>>> This is my friends computer - again. It seems she really got it
>>> messed up.
>>>
>>> Also some programs missing from the start menu also, like system
>>> restore. I was able to access system restore from the help and
>>> support, went back about a month, but the icons did not come back.
>>> Some minor spyware and adware infections were found.
>>>
>>> Also, in msconfig I can't turn off some startup items. After I
>>> uncheck them they keep coming back. They are:
>>>
>>> ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).
>>>
>>> Is there any way to get back her icons - I'm not even sure what she
>>> had exactly -? Or are they gone forever?
>>>
>>> Thank you.

On May 26, 12:12*pm, "Sirius" <nospam22-nos...@yahoo.nul> wrote:
> It's happening in safe mode also.
> Is there a way to manually extract a copy of the registry from a restore
> point?
>
> "Db" <databas...@hotmail.com> wrote in message
>
> news:C1615B6A-FD0F-408B-ACAE-(E-Mail Removed)...
>
>
>
> > sometimes when the desktop
> > fails to load,
>
> > it is a sign of a problem with
> > the registry hive.
>
> > you might try opening the
> > task manager and killing all
> > instances of explorer.exe
>
> > then launch a new instance
> > of explorer.exe
>
> > however, given that you are
> > also unable to amend the
> > startups in msconfig,
>
> > the issues above may be
> > indicative of a serious problem
> > with the registry hive
>
> > the registry hive, like any file
> > on the disk can become un-
> > indexed by the mft.
>
> > there is also a possibility that
> > a program has locked up the
> > registry to keep it from being
> > modified.
>
> > the above can be caused by
> > malware or some anti viral
> > program that was intentionally
> > installed.
>
> > because there are several
> > methods to address the issue
> > or issues above,
>
> > my first suggestion is to
> > simply boot into safe
> > mode.
>
> > in there you can see if
> > performance is better than
> > in normal mode.
>
> > in there you can use system
> > restore and see if there is a
> > functional point to execute.
>
> > in there you can amend the
> > startups and services via
> > msconfig;
>
> > disabling all startups and
> > non microsoft services.
>
> > --
> > --
> > db·´¯`·...¸><)))º>
>
> > DatabaseBen, Retired Professional
>
> > ~~~~~~~~~~~~~~~
> > This NNTP newsgroup is evolving to:
>
> >http://answers.microsoft.com/en-us/default.aspx
>
> > "Sirius" <nospam22-nos...@yahoo.nul> wrote in message
> >news:e3sPxWN$(E-Mail Removed)...
> >> Hello People
>
> >> This is my friends computer - again. It seems she really got it messed
> >> up.
>
> >> Also some programs missing from the start menu also, like system restore.
> >> I was able to access system restore from the help and support, went back
> >> about a month, but the icons did not come back.
> >> Some minor spyware and adware infections were found.
>
> >> Also, in msconfig I can't turn off some startup items. After I uncheck
> >> them they keep coming back. They are:
>
> >> ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).
>
> >> Is there any way to get back her icons - I'm not even sure what she had
> >> exactly -? *Or are they gone forever?
>
> >> Thank you.

If I were you, I would stop "trying" things. You can try things all
day long nd it doesn't seem to be working very well.

Did booting in Safe Mode help you at all? Describe what you learned
from that exercise and what you will do next.

You need to have some known starting point so get there and then work
on the issues. Nothing you describe sounds too terrible, but some of
the ideas to get your system working are way overboard - but, you can
do what you want of course.

You should stop messing with msconfig, turning things off and on,
don't worry about extracting just registry files from a restore point,
etc. If SR is missing or borken, no problem - we can fix it later
but first you need to get stabilized.

If your system boots and can get on the Internet, you con't need to
slave it in another machine - fix it where it is.

To eliminate questions and guessing, please provide additional
information about your system.

Click Start, Run and in the box enter:

msinfo32

Click OK, and when the System Summary info appears, click Edit, Select
All, Copy and then paste the information back here.

There will be some personal information (like System Name and User
Name), and whatever appears to be private information to you, just
delete it from the pasted information.

Perform some scans for malicious software, then fix any remaining
issues:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

Thank you, Jose. I did a scan in safe mode with DR Web Cure it an
quarantined everything it found.

I was able to run a safe mode scan with mbam older version.
I can not get the new verison of mbam to work.
Keep getting the "mbam error expanding variables 0 9".
Every scan takes a very long time because there is a lot.

Now I am doing Avast boot time scanner. I'll post back with what you
suggested when finished.

Thanks again.

"Jose" <(E-Mail Removed)> wrote in message
news:e9433a4b-574a-4d1e-8d9f-(E-Mail Removed)...
On May 26, 12:12 pm, "Sirius" <nospam22-nos...@yahoo.nul> wrote:
> It's happening in safe mode also.
> Is there a way to manually extract a copy of the registry from a restore
> point?
>
> "Db" <databas...@hotmail.com> wrote in message
>
> news:C1615B6A-FD0F-408B-ACAE-(E-Mail Removed)...
>
>
>
> > sometimes when the desktop
> > fails to load,
>
> > it is a sign of a problem with
> > the registry hive.
>
> > you might try opening the
> > task manager and killing all
> > instances of explorer.exe
>
> > then launch a new instance
> > of explorer.exe
>
> > however, given that you are
> > also unable to amend the
> > startups in msconfig,
>
> > the issues above may be
> > indicative of a serious problem
> > with the registry hive
>
> > the registry hive, like any file
> > on the disk can become un-
> > indexed by the mft.
>
> > there is also a possibility that
> > a program has locked up the
> > registry to keep it from being
> > modified.
>
> > the above can be caused by
> > malware or some anti viral
> > program that was intentionally
> > installed.
>
> > because there are several
> > methods to address the issue
> > or issues above,
>
> > my first suggestion is to
> > simply boot into safe
> > mode.
>
> > in there you can see if
> > performance is better than
> > in normal mode.
>
> > in there you can use system
> > restore and see if there is a
> > functional point to execute.
>
> > in there you can amend the
> > startups and services via
> > msconfig;
>
> > disabling all startups and
> > non microsoft services.
>
> > --
> > --
> > db·´¯`·...¸><)))º>
>
> > DatabaseBen, Retired Professional
>
> > ~~~~~~~~~~~~~~~
> > This NNTP newsgroup is evolving to:
>
> >http://answers.microsoft.com/en-us/default.aspx
>
> > "Sirius" <nospam22-nos...@yahoo.nul> wrote in message
> >news:e3sPxWN$(E-Mail Removed)...
> >> Hello People
>
> >> This is my friends computer - again. It seems she really got it messed
> >> up.
>
> >> Also some programs missing from the start menu also, like system
> >> restore.
> >> I was able to access system restore from the help and support, went
> >> back
> >> about a month, but the icons did not come back.
> >> Some minor spyware and adware infections were found.
>
> >> Also, in msconfig I can't turn off some startup items. After I uncheck
> >> them they keep coming back. They are:
>
> >> ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).
>
> >> Is there any way to get back her icons - I'm not even sure what she had
> >> exactly -? Or are they gone forever?
>
> >> Thank you.

If I were you, I would stop "trying" things. You can try things all
day long nd it doesn't seem to be working very well.

Did booting in Safe Mode help you at all? Describe what you learned
from that exercise and what you will do next.

You need to have some known starting point so get there and then work
on the issues. Nothing you describe sounds too terrible, but some of
the ideas to get your system working are way overboard - but, you can
do what you want of course.

You should stop messing with msconfig, turning things off and on,
don't worry about extracting just registry files from a restore point,
etc. If SR is missing or borken, no problem - we can fix it later
but first you need to get stabilized.

If your system boots and can get on the Internet, you con't need to
slave it in another machine - fix it where it is.

To eliminate questions and guessing, please provide additional
information about your system.

Click Start, Run and in the box enter:

msinfo32

Click OK, and when the System Summary info appears, click Edit, Select
All, Copy and then paste the information back here.

There will be some personal information (like System Name and User
Name), and whatever appears to be private information to you, just
delete it from the pasted information.

Perform some scans for malicious software, then fix any remaining
issues:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

if you run out of options
to exercise as per the other
postings,

then you can manually
replace the registry hive
with a basic one that is
stored in the system
folder.

the basic one is created
at the time windows is
installed/setup.

if you install the basic
registry hive, then you can
use the desktop to replace
the basic registry with a
more current one.

--
--
db·´¯`·...¸><)))º>

DatabaseBen, Retired Professional

~~~~~~~~~~~~~~~
This NNTP newsgroup is evolving to:

http://answers.microsoft.com/en-us/default.aspx


"Sirius" <nospam22-(E-Mail Removed)> wrote in message
news:#l6kx4O$(E-Mail Removed)...
> It's happening in safe mode also.
> Is there a way to manually extract a copy of the registry from a restore
> point?
>
> "Db" <databaseb~@hotmail.com> wrote in message
> news:C1615B6A-FD0F-408B-ACAE-(E-Mail Removed)...
>> sometimes when the desktop
>> fails to load,
>>
>> it is a sign of a problem with
>> the registry hive.
>>
>> you might try opening the
>> task manager and killing all
>> instances of explorer.exe
>>
>> then launch a new instance
>> of explorer.exe
>>
>> however, given that you are
>> also unable to amend the
>> startups in msconfig,
>>
>> the issues above may be
>> indicative of a serious problem
>> with the registry hive
>>
>> the registry hive, like any file
>> on the disk can become un-
>> indexed by the mft.
>>
>> there is also a possibility that
>> a program has locked up the
>> registry to keep it from being
>> modified.
>>
>> the above can be caused by
>> malware or some anti viral
>> program that was intentionally
>> installed.
>>
>> because there are several
>> methods to address the issue
>> or issues above,
>>
>> my first suggestion is to
>> simply boot into safe
>> mode.
>>
>> in there you can see if
>> performance is better than
>> in normal mode.
>>
>> in there you can use system
>> restore and see if there is a
>> functional point to execute.
>>
>> in there you can amend the
>> startups and services via
>> msconfig;
>>
>> disabling all startups and
>> non microsoft services.
>>
>> --
>> --
>> db·´¯`·...¸><)))º>
>>
>> DatabaseBen, Retired Professional
>>
>> ~~~~~~~~~~~~~~~
>> This NNTP newsgroup is evolving to:
>>
>> http://answers.microsoft.com/en-us/default.aspx
>>
>>
>> "Sirius" <nospam22-(E-Mail Removed)> wrote in message
>> news:e3sPxWN$(E-Mail Removed)...
>>> Hello People
>>>
>>> This is my friends computer - again. It seems she really got it messed
>>> up.
>>>
>>> Also some programs missing from the start menu also, like system
>>> restore. I was able to access system restore from the help and support,
>>> went back about a month, but the icons did not come back.
>>> Some minor spyware and adware infections were found.
>>>
>>> Also, in msconfig I can't turn off some startup items. After I uncheck
>>> them they keep coming back. They are:
>>>
>>> ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).
>>>
>>> Is there any way to get back her icons - I'm not even sure what she had
>>> exactly -? Or are they gone forever?
>>>
>>> Thank you.
>>>
>
>