Another Windows XP Recovery attack

Malwarebytes and Spybot are not antivrus so you can have both those running. For the start menu you can try this:
Go to start>run and copy/paste whats below in the Run window, click ok or enter. Reboot your computer and see if that helped.

regsvr32 /i shell32.dll
 
Download this. Save it to your desktop, doubleclick it and allow it to merge into the registry.
You can also try this by clicking on the Fix It botton and downloading it to your desktop, then double click it.
 
I tried both items suggested. I downloaded installed and rebooted the first one, then the other.
No luck with either one.
I went back and started checking each program from the add/remove screen. Some programs do have a "repair" feature, others don't. The "repair" feature is what I used to get the IntelProset to work. Would this be advisable to try that with the programs that have it?
 
ok. Yet another thing to try. Double click the My Computer icon on the desktop. Right click on your documents folder icon and select properties. Next to Attributes: make sure that Hidden is not checked.
 
I checked per your instructions, nothing was checked.
I have included another screen shot, maybe this will reveal something.
 
ok thanks. check the same thing for your folder, the one you show is All Users.
If you right click on start>explore, in the left column right click on your folder>properties and check the attributes.
 
Per your request, checked properties, were not checked.
I also checked various folders and they were not checked either.
See attached.
 
Well we have tried several different things. I assume it would have been a registry fix. Let me get a second look at the logs you posted.
 
Dont see any malware. You sent a screenshot of your add/remove programs panel a few posts back. It looked ok to me. Whats wrong with it?
Another download to try.
 
Last edited:
No problem. The link in my last post is for the start menu issue. You can try running combofix again, I think you had to run it in safe mode last time if I remember. You can try running it again normally first, then go to safe mode if you have to. If you can run it normally it will update itself first. If you cant run it normally then boot into safe mode and this time chose the option safe mode with networking. This is so combofix can get the updates before running.
 
Well, ran Combofix from the normal window, no luck. The strange thing is that when you look at the properties of a program link from the start menu, it shows 0 bytes and no directory, however, I can find and run that program if I tunnel down to the program folder it self.
I have attached the latest log file from combofix. :sad:
 
The log looks ok. Scareware often uses these tricks but running antimalware and/or registry fixes will correct them. Running combofix was to check for any malware again and I didnt see any. The other fixes were registry fixes which havent worked.
Try this Extract it to your desktop and double click to run it.
 
Your not going to believe this.....no luck.
Saved it to desktop, shut down all av programs, double clicked it, asked if I wanted to install, said yes, showed successful. Rebooted and then no luck.
Let me say this.....thank you very much for all the help so far, sure hope we can get this cleared up so that you can help someone else.
 
ok I see you have Superantispyware. It has some repair features you can try but iam pretty sure these are going to be reg fixes which we have already tried. If they dont work then we can try copying a user profile or manually copying them back in. Kind of tedious but you could do it just for apps you use most often.

Launch SAS and from the main window click on preferences then the repairs tab. You can try by clicking on these listed below then select Perform Repair:
Remove Explorer Policy Restrictions
Reset Winlogon Shell
Probably have to reboot after each one.
 
Well, no luck at all. I even tried running a couple of the other repair features of SAS, but still no luck.
Let me ask this, there couldn't still be some sort of cover or protector over the top of the "All Users" profile, could there?
Everytime I ran the SAS repair, after reboot, at the start menu, it showed "new program installed". When I looked at the "all programs" list, I did not see any new programs installed, everything still shows "empty".
 
You must log in or register to reply here.
Back
Top