No desktop and Right-click after running SuperAntiSpyware

I am delighted to stumble upon this forum, and am impressed with all the active postings...thanks to ALL contributors.

I have researched this forum for similar posts, and although there are a few with similar sounding titles, my scenario is not addressed (happy to be proven wrong).

I have a XP machine with SP3 installed.

I was trying to clean up tons of malware downloaded by my kids and father-in-law onto a laptop, the firewall of which I accidentlly left down after routine troubleshooting.

I came across the READ and RUN instructions, and started following it verbatim, the only difference being : I was using wireless, so just disabled it instead of "pulling out the LAN cable". My Lan network connection was disable d to start with.

I got all the way upto running Super Anti Spyware, scanning, and Quarantine & Repairing.

However, when I clicked Finish, it rebooted directly (i.e. I did not get a chance to "Repair Broken Network Connection (WinSock LSP Chain)")

And then, when it rebooted, I do not have desktop, not can I right-click.

After this, I have tried the following from taskbar->new task,:
1) I started SAS again, hoping to rescan etc. The process starts (I can see it in the process list), but the window does not display. Could this be because of lack of network connection? At this point I do not know how to enable wither LAN or wireless connections.
2) I tried to bring up explorer (not sure what I would do with it..). But I get a message saying Windows cannot find Explorer.
3) I thought I should try to move on to next step and run Spybot. When I tried this, the window did seem to come up, but it stalled due to no network connection. It was trying to send some server address etc. and could not. So, I had to exit it.

I know you all will ask for the log files. But given the state of the laptop, I am not sure how to extract the log files.

Please help! I am happy to provide any additional information required.

thanks and hope I can resurrect my laptop!

 

Thanks for the prompt response..

1) I am able to run SAS through task manager, but the window of SAS does not display, it just runs as a background process.

2) Using your guidance, I was able to restore the laptop to a system checkpoint made before installation of SAS - this did not help. Then I restored to a point made last Friday adn this did not help either. The desktop is still blank with no ability to right-click.

3) Why I started running the READ & RUN ME FIRST :
it all started with the dreaded AntiVirus XP 2008 that got installed. I successfully removed it etc. but I kept getting the BSOD. What would actually happen is, if I did not do anything on the laptop, just left it on, every 1 minute or so, I would get the BSOD with a different message each time, and the system would restart. **BUT** what is amazing is that, during any of this happening, if I hit ESC, the laptop would go back to the Desktop. This is what prompted me to run the READ&RUN.


Also, with the desktop gone now, I still have the recurring BSOD. I am happy to write down the error codes for the BSODs if that will help.

thanks for your time.
:cry

 

Hello Chaslang, here are my replies:

If you bring up Task Manager and click File, New Task (Run...) and enter C:\windows\explorer.exe and click OK. Does your Desktop appear or do you get a message that explorer.exe cannot be found.

Ravi> I get message that explorer.exe cannot be found. Even if I 'Browse' to that file (i.e. I find it in the file picker), it says explorer cannot be found.

If you boot in safe mode, does your Desktop appear?
Ravi> NO. I tried Safe Mode with and without networking, but same deal.

Does the Desktop appear if you loging to another user account on the PC?
Ravi> NO.

Can you download and run MGtools.exe from the READ & RUN ME. If so, attach the requested MGlogs.zip file.

Ravi> I had already downloaded MGTools.exe. I was able to run this through TaskManager->New Task->Browse and copied the log file into a USB stick in a CMD window, and using another computer to upload the log to this forum.

(the networking on my laptop was turned off before all this began, and now I am unable to turn it on without desktop - I even tried "control ncpa.cpl" from command line in C:\Windows, and it gives me an error message "Windows cannot find 'null'...")

Hope this gives you some insight. The MGLogs.zip is attached.
thanks!

 

Hello Chaslang,

I do have a bootable CD.

I completed all of your instructions below, except I could not find the file ntos.exe. (there was a ntoskrnl.exe though)

Also, there were no files from today in the TMP folder, so the whole folder is gone now.

Still no desktop (not that I expected it to come up so quickly).

I await your next transmission! Thanks!

 

Here is the log from the second MGTools run.

I ran sfc /scannow from C:\ and it DID ask for Windows CD, to copy files into DLL cache. However, there was no change after rebooting.

I need to bring to your attention that the laptop was on SP3 originally and the rebootable CD is for SP2. (I realized this after the fact).

(Additionally, the second PC at home that I was using to process this thread and download stuff just got infected with the dreaded AntiVirus XP 2008, despite having firewall up etc. So, now I will be a little slower to process your replies, and have one more lemon on my plate:cry)

thanks for your help!

 

Hi Chaslang,

I just created a slipstreamed boot disk with SP3. Let me know if you like me to try this again.

thx!

 

Yes, last time I had MSConfig running while doing MGTools. This time around I killed MSConfig.

So, I took all of below steps that you asked me to and still no change. Latest log of MGTools is attached.

1) I ran SFC with SP3 disk - no desk top yet.
2) I uninstalled all below packages, logged back in as Admin in Safe mode - no desktop yet.
3) I killed MSConfig and ran MGTools, and I have attached the logs.

To be sure, if there is a way to enable Wireless or LAN network connection from the command line, I could proceed with the rest of the Read and Run Me.
Right now, main problem seems to be no network connection, and I need desktop to turn it on. But I will await your advice.
thanks!

 

Chaslang, you are God.
After following your instructions, the desktop came back up, along with right click etc. The wireless connection also came back up.

Attached is the MGLog from running latest MGTools.

What should I do next? start with SAS again? or continue with Read and Run?

I await your instructions.

 

Things seem OK. The booting is slightly slower, probably because SAS is starting..also, the PC seems to first go into wallpaper-only mode, but after 30 seconds or so, something else seems to take over and force the desktop to come on. I am OK with this, as long as there are no more remnants of the virus thing on my laptop.

Another issue is, the IE shortcut on my desktop seems to be altered. Instead of bringing up the browser, it says "Windows cannot create a shortcut here. Do you want the shortcut to be placed on the desktop instead?". This WAS the shortcut and it WAS on the desktop. And then if I go to Programs->IE, it does bring up the browser and it seems to work fine.

Also, the Norton 2002 was having Live Update (has a Live Update certificate valid till 2029 ) so it should have been current..

Also, I have not run the SpyBot and Malwarebytes, and Combofix as I got stuck after running SAS and then jumped directly to MGTools upon your advice.

Please tell me what I should do next.

 

Ravi: Log file is attached.

Also, I noticed the following problems:
1) Each time I boot, I get the message "Generic Host Process for Win32 service has encountered a problem and needs to close We are sorry...Tell Microsoft"
2) The SAS and MBAM are unable to get updates as "Firewall has blocked these programs from getting through". I checked few things, and all seems ok, but still these programs cannot get through to get updates.
3) I am unable to turn off the Wireless network connection now (the reverse of the earlier problem). this is OK, as long as its not because the trojan on my laptop wants to talk to mommy bigtime.
4) Also, my browser does not take me to just your forum. it works fine otherwise.

Anyway, its a lot of improvement from where I was. I have not backed up all the data I need, and close to wiping the HD clean. Please advise.

 

On the last line below, I meant "I have noW backed up all data..."
Sorry for confusion.

(wow, what a difference one letter can make)