Link to home
Start Free TrialLog in
Avatar of sgt_best
sgt_bestFlag for United States of America

asked on

Vista Desktop Access is denied

I have a Vista Business laptop that boots to the following error.

c:\windows\system32\config\systemprofile\Desktop is not accessible.
Access is denied.

The desktop is black but can see the system tray, the start menu works but no programs will open.  
I can get to the command prompt & registry in Safe Mode but not the Control Panel.
Cannot get to My Computer.  Wanted to check permissions.
I checked the run and run once in current user and local machine and don't see anything unusual.
Doesn't want to let me connect to wifi in safe mode.
I uninstalled webroot that the customer installed.  Still has Norton Internet Security & Windows Defender
I checked the logs of Malwarebytes that the customer ran and had 0 found.
Ran scan with Norton Internet Security, nothing found.
PC takes forever to log off but finally does.

Saw some things on the internet to add a user then log off & log in as new user.  I was able to right click on Computer and choose manage and create a new user, added that user to the Administrator group....logged off and back on as new user and have the same issue.  

Kind regards.
SGT_Best


Avatar of John
John
Flag of Canada image
See if you can scan for malware in any mode or in safe mode. See if you can disable Windows Defender as you do not need both NIS and Defender. Try to get NIS running. If it is relatively new (2010, 2011) it can perhaps find the problem. .. Thinkpads_User
Avatar of joinaunion
joinaunion
Flag of Canada image
When you see black screen try this hit ctrl alt del on keyboard this will bring up task manager,then click file,choose new task(run),then type explorer.exe click ok this should start desktop post back with results.
Avatar of sgt_best
sgt_best
Flag of United States of America image

ASKER


I could see that the customer ran Malwarebytes and I ran Symantec with nothing found.
It may well have some type of root kit that neither of these can find.  If I could get a flash drive connected I would run hitman pro to look for a root kit.

The desktop is all black except for the recycling bin.  When I boot to safe mode I get the default program icons on the screen.  I don't know if this is all of the icons that the customer had.

I clicked on the Malwarebytes icon and about 20 seconds later it asks for permission to continue.  If you click continue it gives a runtime error '0'. Click OK then get runtime error '440'.

On the new user I did the ctrl alt del and the task manager comes up.  I tried to run explorer.exe.  a single line pops into the applications window and disappears.  Under processes explorer.exe is running.

The cursor disappeared and I had to hard shut down and restart.  I booted up to new user in safe mode and no icons just the dos screen that I had up before. I ran explorer.exe from the task manager again and the desktop icons, start menu and system tray appeared.

Under Services - almost every service is stopped.  I tried to run lmhosts and get an error Unable to Start Service.
 The operation could not be completed.  The dependency service or group failed to start.

I didn't mention that Dell came to service this PC and changed the motherboard.  I don't think that would have anything to do with what is going on but thought it should be mentioned.  I'd say the hardware is probably OK since I have a display, keyboard and mouse function.  It is just the OS that is acting up.

Avatar of sgt_best
sgt_best
Flag of United States of America image

ASKER

The Windows Defender service is one that is stopped.
ASKER CERTIFIED SOLUTION
Avatar of John
John
Flag of Canada image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of sgt_best
sgt_best
Flag of United States of America image

ASKER

I have an external sata/ide to usb and can back up the data however I'm wondering if the permissions issues will still be there.
Avatar of phototropic
phototropic
I had a similar situation recently.  I booted to safe mode with command prompt and ran TDSSKiller from a flash drive.  That removed the rootkit and I was able to boot to the user's profile and continue.

TDSSKiller:

http://support.kaspersky.com/viruses/solutions?qid=208280684

Good luck!!!
Avatar of John
John
Flag of Canada image
>>>  the permissions issues will still be there. <--- If the new install uses the same userid, then there should not be permission issues. You can always copy the data to a benign folder (not another My Documents folder) and give Everyone modify permissions. That usually allows you to move data. I sync data that way between computers with no permission issues.   ... Thinkpads_User
Avatar of joinaunion
joinaunion
Flag of Canada image
Try this you may have to run in safe mode.
http://www.combofix.org/
Avatar of sgt_best
sgt_best
Flag of United States of America image

ASKER

ran the following from command line in safe mode off of a flash drive:

ran TDSSkiller, processed 256 objects infection not found
ran combofix but the first line said it had permissions issues and needed to run those tasks as an administrator....
then the log file had a disk error when it tried to write it....
ran hitmanpro35 which found nothing...has found the alueron root kit many times for me....
installed & ran superantispyware complete scan - found 51 cookies....

if this is malware, it is a good one.
Avatar of sgt_best
sgt_best
Flag of United States of America image

ASKER

Had to reinstall Windows.  I don't like giving up but had to return the PC to customer.  Thanks to all for your replies.
Avatar of John
John
Flag of Canada image
Thank you. I know reinstalling takes time. I was happy to help and good luck with your client. ... Thinkpads_User