Vista Desktop Access is denied

sgt_best
I have a Vista Business laptop that boots to the following error.

c:\windows\system32\config\systemprofile\Desktop is not accessible.
Access is denied.

The desktop is black but I can see the system tray; the Start menu works but no programs will open.
I can get to the command prompt & registry in Safe Mode but not the Control Panel.
Cannot get to My Computer.  Wanted to check permissions.
I checked the run and run once in current user and local machine and don't see anything unusual.
Doesn't want to let me connect to wifi in safe mode.
I uninstalled Webroot that the customer installed.  Still has Norton Internet Security & Windows Defender.
I checked the logs of Malwarebytes that the customer ran and had 0 found.
Ran scan with Norton Internet Security, nothing found.
PC takes forever to log off but finally does.

Saw some things on the internet about adding a user, then logging off and logging in as the new user.  I was able to right-click on Computer, choose Manage and create a new user, and added that user to the Administrator group. Logged off and back on as the new user and have the same issue.

Kind regards.
SGT_Best


John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
See if you can scan for malware in any mode or in safe mode. See if you can disable Windows Defender as you do not need both NIS and Defender. Try to get NIS running. If it is relatively new (2010, 2011) it can perhaps find the problem. ... Thinkpads_User
When you see the black screen, try this: hit Ctrl+Alt+Del on the keyboard; this will bring up Task Manager. Then click File, choose New Task (Run), type explorer.exe and click OK. This should start the desktop. Post back with results.

Author

Commented:

I could see that the customer ran Malwarebytes and I ran Symantec with nothing found.
It may well have some type of root kit that neither of these can find.  If I could get a flash drive connected I would run hitman pro to look for a root kit.

The desktop is all black except for the recycling bin.  When I boot to safe mode I get the default program icons on the screen.  I don't know if this is all of the icons that the customer had.

I clicked on the Malwarebytes icon and about 20 seconds later it asks for permission to continue.  If you click continue it gives a runtime error '0'. Click OK then get runtime error '440'.

On the new user I did the Ctrl+Alt+Del and the Task Manager comes up.  I tried to run explorer.exe.  A single line pops into the Applications window and disappears.  Under Processes, explorer.exe is running.

The cursor disappeared and I had to hard shut down and restart.  I booted up to new user in safe mode and no icons just the dos screen that I had up before. I ran explorer.exe from the task manager again and the desktop icons, start menu and system tray appeared.

Under Services, almost every service is stopped.  I tried to run lmhosts and get an error: Unable to Start Service.
The operation could not be completed.  The dependency service or group failed to start.

I didn't mention that Dell came to service this PC and changed the motherboard.  I don't think that would have anything to do with what is going on but thought it should be mentioned.  I'd say the hardware is probably OK since I have a display, keyboard and mouse function.  It is just the OS that is acting up.

Author

Commented:
The Windows Defender service is one that is stopped.
Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
Based on all that, something has hosed this machine. Probably the best course of action at this point is to back up all the data (email, docs, favourites) and re-install Vista fresh.

If you really have a rootkit (strong possibility here), some of them are near impossible to remove. ... Thinkpads_User

Author

Commented:
I have an external sata/ide to usb and can back up the data however I'm wondering if the permissions issues will still be there.
I had a similar situation recently.  I booted to safe mode with command prompt and ran TDSSKiller from a flash drive.  That removed the rootkit and I was able to boot to the user's profile and continue.

TDSSKiller:

http://support.kaspersky.com/viruses/solutions?qid=208280684

Good luck!!!
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
>>>  the permissions issues will still be there. <--- If the new install uses the same userid, then there should not be permission issues. You can always copy the data to a benign folder (not another My Documents folder) and give Everyone modify permissions. That usually allows you to move data. I sync data that way between computers with no permission issues.   ... Thinkpads_User
Try this; you may have to run it in safe mode.
http://www.combofix.org/

Author

Commented:
Ran the following from the command line in safe mode off of a flash drive:

Ran TDSSKiller: processed 256 objects, infection not found.
Ran ComboFix, but the first line said it had permissions issues and needed to run those tasks as an administrator.
Then the log file had a disk error when it tried to write it.
Ran hitmanpro35, which found nothing. It has found the Alureon rootkit many times for me.
Installed & ran SUPERAntiSpyware complete scan: found 51 cookies.

If this is malware, it is a good one.

Author

Commented:
Had to reinstall Windows.  I don't like giving up but had to return the PC to customer.  Thanks to all for your replies.
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Thank you. I know reinstalling takes time. I was happy to help and good luck with your client. ... Thinkpads_User
