wounded XP

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Customer brought in a XP Home SP2 system that is doing some rather strange
things. For starters, the Start button is missing. The system does respond to
the Windows key by presenting the start menu, but the only thing showing in
the left column is All Programs, and the only thing showing in the right hand
column is My Documents. Where the other common elements should be (Control
Panel, Search, etc), there is nothing but start menu background. Browsing All
Programs shows most things, minus the icons. In Explorer and Internet
Explorer, File, View, Tools, etc do not appear. Again, there is just blank
background color.

When I try to run any mmc, I get a message saying that "the application has
failed to start because the application configuration is incorrect" and it
suggests using regsvr32 to register an associated dll, but attempting this
returns the same sort of error message. Attempting to run regedit and most
other applications returns the same sort of error. For applications that do
run, no button shows up on the task bar.

After running a repair reinstall of xp and finding no joy, I ran a couple
relevant vbs scripts from Kelly'sCorner but these had little effect. I booted
w/BartPE, loaded the machine's registry and checked some of the applicable
reg fixes from his site and all seems well with respect to that.

The machine had been working fine until the other day when the customer saw
the screen saver "in use and locked" prompt, hit OK to go back in and found
that things weren't working.

While in BartPE, I ran hijackthis and did not see anything suspicious except
for something called HookupFinder. Google did not reveal that this is
malware, but disabling it made no difference. Since AutoRuns won't run on
this machine, I haven't been able to peer more deeply into what is running
behind the scenes.

Anyone seen this before and/or know how to fix it, short of a clean reinstall?
 
wyocowboy said:
Customer brought in a XP Home SP2 system that is doing some rather strange
things. For starters, the Start button is missing. The system does respond
to
the Windows key by presenting the start menu, but the only thing showing
in
the left column is All Programs, and the only thing showing in the right
hand
column is My Documents. Where the other common elements should be (Control
Panel, Search, etc), there is nothing but start menu background. Browsing
All
Programs shows most things, minus the icons. In Explorer and Internet
Explorer, File, View, Tools, etc do not appear. Again, there is just blank
background color.

When I try to run any mmc, I get a message saying that "the application
has
failed to start because the application configuration is incorrect" and it
suggests using regsvr32 to register an associated dll, but attempting this
returns the same sort of error message. Attempting to run regedit and most
other applications returns the same sort of error. For applications that
do
run, no button shows up on the task bar.

After running a repair reinstall of xp and finding no joy, I ran a couple
relevant vbs scripts from Kelly'sCorner but these had little effect. I
booted
w/BartPE, loaded the machine's registry and checked some of the applicable
reg fixes from his site and all seems well with respect to that.

The machine had been working fine until the other day when the customer
saw
the screen saver "in use and locked" prompt, hit OK to go back in and
found
that things weren't working.

While in BartPE, I ran hijackthis and did not see anything suspicious
except
for something called HookupFinder. Google did not reveal that this is
malware, but disabling it made no difference. Since AutoRuns won't run on
this machine, I haven't been able to peer more deeply into what is running
behind the scenes.

Anyone seen this before and/or know how to fix it, short of a clean
reinstall?
Click to expand...

I would recommend booting to safe mode (if you can) run vcleaner.exe (see
link below). Also run another good antivirus app in safe mode with a deep
scan.

Uninstall the screensaver! Screensavers are cutesy crap that is totally
unnecessary since the evolutionary leap from CRTs to TFT and LCD monitors.

Do a general cleanup (e.g., internet temps, .tmp files, recycle bin, etc.).

Do a repair install of XP if necessary.

Vcleaner
http://free.grisoft.com/doc/28628/lng/us/tpl/v5

Symantec Removal Tools
http://www.symantec.com/enterprise/security_response/removaltools.jsp?src=symsug_us

Mark
 
Mark said:
I would recommend booting to safe mode (if you can) run vcleaner.exe
(see link below). Also run another good antivirus app in safe mode
with a deep scan.

Uninstall the screensaver! Screensavers are cutesy crap that is
totally unnecessary since the evolutionary leap from CRTs to TFT and
LCD monitors.
Do a general cleanup (e.g., internet temps, .tmp files, recycle bin,
etc.).
Do a repair install of XP if necessary.

Vcleaner
http://free.grisoft.com/doc/28628/lng/us/tpl/v5

Symantec Removal Tools
http://www.symantec.com/enterprise/security_response/removaltools.jsp?src=symsug_us

Mark
Click to expand...

You're accepting computers for repair and haven 't run a suite of
disk/virus/malware/hack/health scans?
I would suggest you farm that out to someone with more knowledge than you
have.

Pop`
 
Mark F. said:
I would recommend booting to safe mode (if you can) run vcleaner.exe (see
link below). Also run another good antivirus app in safe mode with a deep
scan.

Uninstall the screensaver! Screensavers are cutesy crap that is totally
unnecessary since the evolutionary leap from CRTs to TFT and LCD monitors.

Do a general cleanup (e.g., internet temps, .tmp files, recycle bin, etc.).

Do a repair install of XP if necessary.

Vcleaner
http://free.grisoft.com/doc/28628/lng/us/tpl/v5

Symantec Removal Tools
http://www.symantec.com/enterprise/security_response/removaltools.jsp?src=symsug_us

Mark
Click to expand...

As far as I know, it is not possible to uninstall the Microsoft XP screen
saver.

Same thing occurs in safe mode, and as I mentioned in my post, I've already
tried a repair reinstall.
 
Poprivet said:
You're accepting computers for repair and haven 't run a suite of
disk/virus/malware/hack/health scans?
Click to expand...

In order to run an AV/malware/hack scan from within XP, you have to be able
to run an .exe. As I mentioned in my post, most .exe will not run, and
programs will not install. Slaving a drive to another system and running a
scan is a poor substitute, in my experience, because it cannot inspect the
registry of the target OS. The only way I can get an exe to run is if I boot
w/BartPE. I don't know of any BartPE plugin for Autoruns, do you?
I would suggest you farm that out to someone with more knowledge than you
have.
Click to expand...

I've been doing this for a living for about 20 years, Pop, I would suggest
that you refrain from making judgements where you are obviously not qualified.
 
wyocowboy said:
The machine had been working fine until the other day when the
customer saw the screen saver "in use and locked" prompt, hit OK to
go back in and found that things weren't working.
Click to expand...

Well, I think we have a probable cause. :-)

Was this a screensaver that came with Windows, or was it one which had
been downloaded from the Net?

Can you disable the screensaver?

Have you scanned for viruses and other malware either in Safe Mode or
from a boot disk?

Did you run under another profile?

Did you try altering the policy settings mentioned here:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q292504

Additionally, check if the same values are found in:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ex
plorer

hth
 
Daave said:
Well, I think we have a probable cause. :-)

Was this a screensaver that came with Windows,
or was it one which had
been downloaded from the Net?
Click to expand...
Can you disable the screensaver?

Have you scanned for viruses and other malware either in Safe Mode or
from a boot disk?

Did you run under another profile?

Did you try altering the policy settings mentioned here:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q292504

Additionally, check if the same values are found in:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ex
plorer

hth
Click to expand...

Most of your questions are already answered in my previous responses. I did
check out the explorer policy settings - are you saying that they don't get
reset from an xp repair reinstall? Not sure how start menu settings would
prevent programs from running from the comand line...
 
Daave said:
Well, I think we have a probable cause. :-)

Was this a screensaver that came with Windows, or was it one which had
been downloaded from the Net?

Can you disable the screensaver?

Have you scanned for viruses and other malware either in Safe Mode or
from a boot disk?

Did you run under another profile?

Did you try altering the policy settings mentioned here:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q292504

Additionally, check if the same values are found in:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ex
plorer

hth
Click to expand...

The screen saver is the one that is built into xp.
 
wyocowboy said:
Most of your questions are already answered in my previous responses.
I did check out the explorer policy settings - are you saying that
they don't get reset from an xp repair reinstall? Not sure how start
menu settings would prevent programs from running from the comand
line...
Click to expand...

I didn't see that you checked for viruses or spyware (perhaps I missed
it).

Anyway, Googling, I found:

http://groups.google.com/group/microsoft.public.windowsupdate/msg/ebf8aa88476f1c33

A repair install *should* work, provided it has SP2. Otherwise, you
might as well backup data, format, and perform a clean install.
 
Daave said:
I didn't see that you checked for viruses or spyware (perhaps I missed
it).

Anyway, Googling, I found:

http://groups.google.com/group/microsoft.public.windowsupdate/msg/ebf8aa88476f1c33

A repair install *should* work, provided it has SP2. Otherwise, you
might as well backup data, format, and perform a clean install.
Click to expand...

Yes, there are a number of google hits on the missing start button, but so
far, none of them have applied to this situation.

As I stated, a repair reinstall did not work.
 
wyocowboy said:
Yes, there are a number of google hits on the missing start button,
but so
far, none of them have applied to this situation.

As I stated, a repair reinstall did not work.
Click to expand...

Yes, I know. (But was it from a disk containing SP2?)

Anyway, it looks like a clean install is in order (assuming your
situation is not related to malware--I'm not sure whether or not we have
ruled that out).
 
Daave said:
Yes, I know. (But was it from a disk containing SP2?)
Yes.



Anyway, it looks like a clean install is in order (assuming your
situation is not related to malware--I'm not sure whether or not we have
ruled that out).
Click to expand...

Even if it is related to malware, it looks like a clean reinstall. Hard to
rule malware out when you can't run any of the customary tools. Manually
parsing the registry looking for an infection is such a PITA that I don't do
it anymore.
 
Back
Top