Can't access "run" so that I can run msconfig

Discussion in 'Malware Help (A Specialist Will Reply)' started by TheGarnisher, Aug 12, 2007.

  1. TheGarnisher

    TheGarnisher Private E-2

    Trying to do read and run me... but hitting an early road block. When I click on "Run" the following message pops up:

    "Windows cannot create a shortcut here. Do you want the shortcut to be placed on the desktop instead?" With a yes or no selection.

    Clicking yes creates a shortcut on the desktop that does nothing when clicked on. Not sure how to correct this but I am pretty sure if I can't even access msconfig, I can't really get the ball rolling.

    Anyone have ideas on how to get past this? Or should I just try to do everything in read and run me first minus msconfig stuff?

    Little history, this computer is infected with trojans, fairly certain of this... I don't do anything that involves sensitive info on this computer because my work/school schedule never allows me enough time to try and tackle this. Still, it's obviously not good to have a computer with all this bad crap on it so I want to try and get rid of it.
     
  2. abri

    abri MajorGeek

    If you have not changed anything in MSConfig, it will be in Normal mode. Whether you've changed it or not, if you can't get to it now, please continue on with the READ & RUN ME and post the logs you get. What you describe may be the result of a malware issue. By the way, did you try getting to run in safe mode as well?

    abri
     
    Last edited: Aug 12, 2007
  3. TheGarnisher

    TheGarnisher Private E-2

    OK, I proceeded as best I could through read and run me but did run into a few snags which may or may not be malware related. First, in regards to changing settings so that hidden files are visible, every time I checked it both buttons were checked at the same time. I have attached an image so that you can see what I mean. Hiddenfiles.jpg Also, the aforementioned issues with running msconfig still happen.

    Reboot in safe mode, CCleaner, and Scan with Spybot went fine. Downloaded and installed Counterspy but it kept crashing as I tried to run it so I went with my previously installed AVG for the scan and included it below. A while back I removed Internet explorer and both bitdefender and Pandascan require IE. Tried downloading ie7 but it kept failing to install, even after disabling any protection software I was running. So unfortunately, I couldn't run either of these scans. If you have any thoughts on why IE 7 won't install... it seems to go fine then at the last second says install failed and to restart and try again.

    Anyway, didn't seem like there was much else I could do so I went ahead and ran the getrunkey, shownew, and hijack this. See logs below. I should mention that my computer generally runs OK and all the scans I did didn't come up with a TON of stuff but then again, if what I have has disabled msconfig and the ability to view hidden files it may be very good at hiding.
     

    Attached Files:

  4. TheGarnisher

    TheGarnisher Private E-2

    additional logs...
     

    Attached Files:

  5. TheGarnisher

    TheGarnisher Private E-2

    Small update... I missed your last question above where you asked if I can access msconfig in safe mode... so I rebooted real quick to check and it turns out I can. I then booted back into normal mode and all of a sudden, I can access it in normal mode now too.

    Also, Counterspy seems to be blocking something that wasn't popping up before... It keeps popping up that MS5893FA.DLL is trying to load, I chose to have counterspy quarantine this.
     
  6. abri

    abri MajorGeek

    Hi TheGarnisher!

    How did you remove Internet Explorer? Did you use add/remove Windows Components located in the Add/Remove Programs part of your computer and simply uncheck it? Or did you remove it by some other method? If so, please let me know how you did it. Some of your problems may be related to this.

    To begin with, we will try to correct the hidden files quirk. See if this will work:

    Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Quote:
    After you've done this, please do GetRunKeys* (runkeys.bat) again and get another log. To do this:

    Before you upload the runkeys.txt file here as an attachment, please look at your Windows Explorer settings and see if you are still getting that problem you showed in your screen shot. If the problem is still there, please attach the runkeys log with your answer about Internet Explorer and post it. If the problem in your screen shot is fixed, please additionally do another Shownew* and post the newfiles log with it.

    Thanks.
    abri
     
  7. TheGarnisher

    TheGarnisher Private E-2

    Regarding, IE... this is going to sound bad but I don't really even remember deleting it. I asked my wife who also occasionally uses this computer and she tells me I deleted it a while back. To be honest I have no memory of this but I imagine that if I did, it would have been through add/remove programs somehow.

    Your registry fix seemed to resolve the issue of hidden files so I went ahead and did both scans... see attached.
     

    Attached Files:

  8. abri

    abri MajorGeek

    It's possible that you might not have deleted IE at all, but that you unchecked it in your add/remove programs. That's the correct way to remove it, and if you did that it can be put back in. Go to add/remove programs and click on the add/remove Windows Components. There is a list of different things which are either being used if checked, or which are not being used if unchecked. See if Internet Explorer is on the list and if so, check it and that should bring it back. If that works, you should be able to run the Panda and BitDefender scans and post those logs. You have to have Active X enabled and you may want to go back and check the exact instructions for those two scans in the READ & RUN ME FIRST point 6.

    I'll wait to hear back from you either way.
    abri
     
  9. TheGarnisher

    TheGarnisher Private E-2

    OK, IE shows up in the list with 0 MB next to it suggesting it is completely gone. Weirdly, it already had a check mark in it. If I try to reinstall from here it asks for a disk. This computer was built for me by a friend and I don't actually have a windows disk so that was out. I'm going to try and troubleshoot why IE 7 won't install and see what I can do with that, but I wanted to respond in the meantime.

    One other thing, any time I restart the computer or even log out and log back in the problem with the hidden files thing happens again. Merging the fixME file fixes it again but something is definitely acting on it. However, the issue with accessing msconfig seems to be gone for good.

    Also, I think I messed up before with my getrunkey and newfile by not clicking apply after the reg edit fix.

    So I ran them again for you... making sure the hidden files were visible this time. See attached...

    Finally, on one of my restarts, I got a blue screen with a windows logo and it seemed like some kind of windows based spyware thing. It said it was scanning and deleting any spyware it found but I've never seen this before so I don't know what activated it. I'm sorry I don't have a screenshot of this, I didn't think to take one.
     

    Attached Files:

  10. abri

    abri MajorGeek

    Hi Garnisher!

    It's okay for IE to show 0.0 MB. That doesn't mean it's gone. Did you ever do a search for iexplore.exe to make sure it's not on your computer? Also, when you say "if I try to reinstall from here (from where?), it asks for a disk". Does this mean, although it's checked in the list, you uncheck it and then go back in and recheck it? If you can't find it with a search, post in the software section to get help with that. If you do find iexplore.exe, double click on it and see if you can run the panda and bitdefender scans with it.

    Did clicking on apply cause the hidden files to stay visible with your next reboot or do you still have to run the regfix each time?

    The oddities of your computer may be more software than malware related. We'll see where we get with this, but I may end up sending you over to the Software Forum for help with the IE problem if it's really not on your computer.

    Your versions of the GetRunKeys and ShowNew are old versions. Sorry I didn't catch this earlier! Please go to the READ & RUN ME FIRST file and scroll down to Point 4 and reinstall GetRunKeys and ShowNew, and run them one more time and post the runkeys and newfiles logs as attachments to your next post.

    Please do the following:

    In your above statement, what do you mean it keeps trying to load and that it's popping up? During the Counterspy scan? Is Counterspy detecting it as malicious or some kind of unknown software? I'm curious what this is and I can't answer that yet. Did Counterspy give you a log? If so, can you add it to the others?

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

    After clicking Fix, exit HJT.

    Go to C:/Program Files/Hijack This/Analyze.exe.exe and rename it Analyze.exe. Run it again and get a fresh log and post it with the two updated versions of the newfiles and runkey logs. If you have a log for Counterspy, please post that with these other three.

    I would like for you to run Disable/Remove Windows Messenger but not until AFTER you've worked out the Internet Explorer issue. If you're working without a cd, that's always a bit more problematic.

    abri
     
