Desktop icons gone

[Sirius]

Hello People

This is my friends computer - again. It seems she really got it messed up.

Also some programs missing from the start menu also, like system restore. I
was able to access system restore from the help and support, went back about
a month, but the icons did not come back.
Some minor spyware and adware infections were found.

Also, in msconfig I can't turn off some startup items. After I uncheck them
they keep coming back. They are:

ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).

Is there any way to get back her icons - I'm not even sure what she had
exactly -? Or are they gone forever?

Thank you.

 

[Twayne]

In

Hello People

This is my friends computer - again. It seems she really
got it messed up.
Also some programs missing from the start menu also, like
system restore. I was able to access system restore from
the help and support, went back about a month, but the
icons did not come back. Some minor spyware and adware infections were
found.

Also, in msconfig I can't turn off some startup items.
After I uncheck them they keep coming back. They are:

ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).

Is there any way to get back her icons - I'm not even sure
what she had exactly -? Or are they gone forever?

Thank you.

Wow: Your post shows evidence that you are not prepared to take care of this
problem. A much faster and better fix will be to restore the disk from
backup. If it's not backed up, it should be, even if just for such a
situation as this so it's faster than manually restoring the OS.

If you didn't make backups for her, or taught her to do them, then
reinstalling the OS from scratch is all that's left to you.

BTW ntuser has to run or the system won't.

HTH,

Twayne`

 

[Sirius]

What evidence shows that I am not prepared to take care of this?
I can follow complicated instructions. Can someone tell what exactly
happened here and why system restore did not work? Is this like a hard drive
crash? How about repair install? Would that work?
I can slave the drive if I have to.

No, she did not do backups, even though I kept telling her, she did not
listen.

 

[Db]

sometimes when the desktop
fails to load,

it is a sign of a problem with
the registry hive.

you might try opening the
task manager and killing all
instances of explorer.exe

then launch a new instance
of explorer.exe

however, given that you are
also unable to amend the
startups in msconfig,

the issues above may be
indicative of a serious problem
with the registry hive

the registry hive, like any file
on the disk can become un-
indexed by the mft.

there is also a possibility that
a program has locked up the
registry to keep it from being
modified.

the above can be caused by
malware or some anti viral
program that was intentionally
installed.

because there are several
methods to address the issue
or issues above,

my first suggestion is to
simply boot into safe
mode.

in there you can see if
performance is better than
in normal mode.

in there you can use system
restore and see if there is a
functional point to execute.

in there you can amend the
startups and services via
msconfig;

disabling all startups and
non microsoft services.

--
--
db·´¯`·...¸><)))º>

DatabaseBen, Retired Professional

~~~~~~~~~~~~~~~
This NNTP newsgroup is evolving to:

http://answers.microsoft.com/en-us/default.aspx

 

[Daave]

We have no idea as to what extent this PC is compromised by malware.

The first thing to do is copy all the data to an external hard drive. If
you need to slave the hard drive to your PC to accomplish this, then do
so.

Once you have copied the data and the drive is still slaved to your PC,
scan for malware, using this page as a guide:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

If you think that scanning for malware might take a very long time (and
sometimes it does, depending on the situation) or if you determine there
is too much malware on it, you should perform a Clean Install of the OS.

Once you are convinced everything is as it should be, do yourself a
favor (that is, if you intend on helping your friend in the future the
next time she screws things up): make an image of the hard drive so that
disaster recovery will be relatively simple.

 

[Sirius]

It's happening in safe mode also.
Is there a way to manually extract a copy of the registry from a restore
point?

 

[Daave]

This would be a waste of your time. There are probably issues with the
registry, so even if you could "extract a copy" of it, you wouldn't want
it. Address the issue of malware!

 

[Jose]

It's happening in safe mode also.
Is there a way to manually extract a copy of the registry from a restore
point?

If I were you, I would stop "trying" things. You can try things all
day long nd it doesn't seem to be working very well.

Did booting in Safe Mode help you at all? Describe what you learned
from that exercise and what you will do next.

You need to have some known starting point so get there and then work
on the issues. Nothing you describe sounds too terrible, but some of
the ideas to get your system working are way overboard - but, you can
do what you want of course.

You should stop messing with msconfig, turning things off and on,
don't worry about extracting just registry files from a restore point,
etc. If SR is missing or borken, no problem - we can fix it later
but first you need to get stabilized.

If your system boots and can get on the Internet, you con't need to
slave it in another machine - fix it where it is.

To eliminate questions and guessing, please provide additional
information about your system.

Click Start, Run and in the box enter:

msinfo32

Click OK, and when the System Summary info appears, click Edit, Select
All, Copy and then paste the information back here.

There will be some personal information (like System Name and User
Name), and whatever appears to be private information to you, just
delete it from the pasted information.

Perform some scans for malicious software, then fix any remaining
issues:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

 

[Sirius]

Thank you, Jose. I did a scan in safe mode with DR Web Cure it an
quarantined everything it found.

I was able to run a safe mode scan with mbam older version.
I can not get the new verison of mbam to work.
Keep getting the "mbam error expanding variables 0 9".
Every scan takes a very long time because there is a lot.

Now I am doing Avast boot time scanner. I'll post back with what you
suggested when finished.

Thanks again.

It's happening in safe mode also.
Is there a way to manually extract a copy of the registry from a restore
point?

If I were you, I would stop "trying" things. You can try things all
day long nd it doesn't seem to be working very well.

Did booting in Safe Mode help you at all? Describe what you learned
from that exercise and what you will do next.

You need to have some known starting point so get there and then work
on the issues. Nothing you describe sounds too terrible, but some of
the ideas to get your system working are way overboard - but, you can
do what you want of course.

You should stop messing with msconfig, turning things off and on,
don't worry about extracting just registry files from a restore point,
etc. If SR is missing or borken, no problem - we can fix it later
but first you need to get stabilized.

If your system boots and can get on the Internet, you con't need to
slave it in another machine - fix it where it is.

To eliminate questions and guessing, please provide additional
information about your system.

Click Start, Run and in the box enter:

msinfo32

Click OK, and when the System Summary info appears, click Edit, Select
All, Copy and then paste the information back here.

There will be some personal information (like System Name and User
Name), and whatever appears to be private information to you, just
delete it from the pasted information.

Perform some scans for malicious software, then fix any remaining
issues:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

 

[Db]

if you run out of options
to exercise as per the other
postings,

then you can manually
replace the registry hive
with a basic one that is
stored in the system
folder.

the basic one is created
at the time windows is
installed/setup.

if you install the basic
registry hive, then you can
use the desktop to replace
the basic registry with a
more current one.

--
--
db·´¯`·...¸><)))º>

DatabaseBen, Retired Professional

~~~~~~~~~~~~~~~
This NNTP newsgroup is evolving to:

http://answers.microsoft.com/en-us/default.aspx

 

[George]

About the desktop, could it possibly be something simple like:

Right click on desktop > Arrange Icons By > checkmark on Show
Desktop Icons ?

George

 

[PA Bear [MS MVP]]

QED: Why did it find anything?

Thank you, Jose. I did a scan in safe mode with DR Web Cure it an
quarantined everything it found.

I was able to run a safe mode scan with mbam older version.
I can not get the new verison of mbam to work.
Keep getting the "mbam error expanding variables 0 9".
Every scan takes a very long time because there is a lot.

Now I am doing Avast boot time scanner. I'll post back with what you
suggested when finished.

Thanks again.



If I were you, I would stop "trying" things. You can try things all
day long nd it doesn't seem to be working very well.

Did booting in Safe Mode help you at all? Describe what you learned
from that exercise and what you will do next.

You need to have some known starting point so get there and then work
on the issues. Nothing you describe sounds too terrible, but some of
the ideas to get your system working are way overboard - but, you can
do what you want of course.

You should stop messing with msconfig, turning things off and on,
don't worry about extracting just registry files from a restore point,
etc. If SR is missing or borken, no problem - we can fix it later
but first you need to get stabilized.

If your system boots and can get on the Internet, you con't need to
slave it in another machine - fix it where it is.

To eliminate questions and guessing, please provide additional
information about your system.

Click Start, Run and in the box enter:

msinfo32

Click OK, and when the System Summary info appears, click Edit, Select
All, Copy and then paste the information back here.

There will be some personal information (like System Name and User
Name), and whatever appears to be private information to you, just
delete it from the pasted information.

Perform some scans for malicious software, then fix any remaining
issues:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

 

[Sirius]

Unfortunately, no. Not so simple. The checkmark is there but does not mean a
thing....

 

[Sirius]

It found o.dat that was missed by mbam and dr. web.

 

[Sirius]

I was messing with msconfig because the new version of mbam would not run.

I have no icons in safe mode or in the safe mode admin account either.

I compare things to my healty computer and I don' t have the forementioned
files in the msconfig startup at all.


System Information report written at: 05/26/10 20:25:43
System Name: GATEWAY-6CVRK65
[System Summary]

Item Value
OS Name Microsoft Windows XP Home Edition
Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Name GATEWAY-6CVRK65
System Manufacturer Gateway
System Model 510 2900457
System Type X86-based PC
Processor x86 Family 15 Model 3 Stepping 3 GenuineIntel ~2992 Mhz
BIOS Version/Date Intel Corp. BF86510A.15A.0060.P11.0402181802, 2/18/2004
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"
User Name GATEWAY-6CVRK65\Owner
Time Zone Eastern Daylight Time
Total Physical Memory 1,024.00 MB
Available Physical Memory 642.43 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 1.66 GB
Page File C:\pagefile.sys


So mbam is not working I will try the other, if it starts it probably will
take a long time.

Thank you.

It's happening in safe mode also.
Is there a way to manually extract a copy of the registry from a restore
point?

If I were you, I would stop "trying" things. You can try things all
day long nd it doesn't seem to be working very well.

Did booting in Safe Mode help you at all? Describe what you learned
from that exercise and what you will do next.

You need to have some known starting point so get there and then work
on the issues. Nothing you describe sounds too terrible, but some of
the ideas to get your system working are way overboard - but, you can
do what you want of course.

You should stop messing with msconfig, turning things off and on,
don't worry about extracting just registry files from a restore point,
etc. If SR is missing or borken, no problem - we can fix it later
but first you need to get stabilized.

If your system boots and can get on the Internet, you con't need to
slave it in another machine - fix it where it is.

To eliminate questions and guessing, please provide additional
information about your system.

Click Start, Run and in the box enter:

msinfo32

Click OK, and when the System Summary info appears, click Edit, Select
All, Copy and then paste the information back here.

There will be some personal information (like System Name and User
Name), and whatever appears to be private information to you, just
delete it from the pasted information.

Perform some scans for malicious software, then fix any remaining
issues:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

 

[Daave]

So mbam is not working

This indicates a system seriously compromised by malware.

If you slave this drive to a working PC, mbam will then work.

 

[PA Bear [MS MVP]]

Why dint ur av app catch it?

It found o.dat that was missed by mbam and dr. web.

 

[PA Bear [MS MVP]]

+1

This indicates a system seriously compromised by malware.

If you slave this drive to a working PC, mbam will then work.

 

[Jose]

Thank you, Jose. I did a scan in safe mode with DR Web Cure it an
quarantined everything it found.

I was able to run a safe mode scan with mbam older version.
I can not get the new verison of mbam to work.
Keep getting the "mbam error expanding variables 0 9".
Every scan takes a very long time because there is a lot.

Now I am doing Avast boot time scanner. I'll post back with what you
suggested when finished.

Thanks again.





If I were you, I would stop "trying" things.  You can try things all
day long nd it doesn't seem to be working very well.

Did booting in Safe Mode help you at all?  Describe what you learned
from that exercise and what you will do next.

You need to have some known starting point so get there and then work
on the issues.  Nothing you describe sounds too terrible, but some of
the ideas to get your system working are way overboard - but, you can
do what you want of course.

You should stop messing with msconfig, turning things off and on,
don't worry about extracting just registry files from a restore point,
etc.  If SR is missing or borken, no problem -  we can fix it later
but first you need to get stabilized.

If your system boots and can get on the Internet, you con't need to
slave it in another machine - fix it where it is.

To eliminate questions and guessing, please provide additional
information about your system.

Click Start, Run and in the box enter:

msinfo32

Click OK, and when the System Summary info appears, click Edit, Select
All, Copy and then paste the information back here.

There will be some personal information (like System Name and User
Name), and whatever appears to be private information to you, just
delete it from the pasted information.

Perform some scans for malicious software, then fix any remaining
issues:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM):  http://malwarebytes.org/
SUPERAntiSpyware: (SAS):  http://www.superantispyware.com/

They can be uninstalled later if desired.

MBAM does not recommend running in Safe Mode.

There was some issue on certain systems (especially with other
scanning tools installed) reporting the error like you describe with
MBAM 1.46.

It does not indicate a seriously compromised system. It indicates a
system that had had a bunch of other stuff run on it that can't tell a
legitimate file from a bad file (Avast!, Dr, Web Cureit!) and then the
system had been tampered with by the user (self inflicted wounds).

If you have MBAM 1.46:

Uninstall MBAM from Add/Remove Programs

Reboot

Download and run mbam-clean.exe from here:

http://www.malwarebytes.org/mbam-clean.exe

Reboot again.

Go back to malwarebytes.org and download version 1.45.

Install and do a full scan with MBAM 1.45

Sadly, I don't know what you mean about "doing things" to files in
your msconfig....

Your msinfo32 information looks fine to me.

 

[George]

Have you tried UNCHECKING it, rebooting, then CHECKING it and
rebooting again? May not do anything but you won't lose anything
by trying.