Problem with permissions Windows XP SP3 on Dell Latitude Laptop

Customer brought in a Dell Latitude laptop running Windows XP Pro.

About two weeks ago, she thinks it was when adobe flash player was updating itself, things went screwy on her windows desktop.    She lost her original desktop picture and can’t change anything on her desktop.  

There’s a grab bag of symptoms.  
I go into display properties advanced settings, I can try to change something, like icon size or icon font,  but it won’t change.  I go to control panel and try to change to ‘classic view’.  That won’t change. After doing something I saw: Windows script host – access denied
I created a second administrative id.  I can change display settings there and switch to classic view.  But screwy things are still going on.  

On either id, whenever I click on ‘control panel’ or ‘my computer’…  Windows installer comes up and says “preparing to install”. The message flashes and then goes away. But it never installs anything or says what it’s preparing to install.  
I uninstalled Norton 360 because I thought it might have something to do with that.  I also completely uninstalled HP products because I was getting a message all the time that one of their programs was trying to install. No change.  I also updated flash player because the client mentioned that.  

I ran Trendmicro Housecall and a full Malwarebytes anti-malware scan and came up with nothing.  
I installed Avast for anti-virus.  
I installed msicuu2.exe, the windows installer cleanup utility and looked for failed uninstalls.

I did a repair install of Windows XP Pro SP2.  Thought that should do it, but it didn’t.

I installed process explorer and saw that update.exe and svchost.exe netsvcs were using lots of cpu. I stops BITS and Windows Update.  That cut the cpu usage but still had the problems.  

There was something screwy involving IE.  After doing the XP repair install I had IE6 on the computer. I think I got in once and tried Windows update but that went forever. (After trying lots of things it gets a bit confused.)  After that it wouldn’t come in and/or referred me to Firefox.

I tried to install IE8 by direct download but always got this message:

“KB218440 – The version of Internet Explorer you  have installed does not match the update you are trying to install.”

I finally was able to update to SP3 using the direct download.  Tried to install IE8 and got the same message.  
I was able to install IE7 by direct download.  
Tried to install IE8 again and got the same message.

I just restarted Windows automatic update.  It downloaded and installed updates successfully. Lo and behold, it successfully updated to IE8.  But on the owners userid whenever I start IE it’s like I’ve started it for the first time.  It asked me about suggested sites, defaults, etc.  
A bar at top: “your current security settings put your computer at risk.  Click here to change security settings”.  This happens even when I change the settings. My guess is that this is a symptom and not the cause. I went into Internet options and tried to restore the advanced settings.  Couldn’t do it. Still getting “preparing to install whenever I try control panel or my computer. Still can’t switch to classic view in the control panel.  

So something somewhere is screwed up. Permissions?  Registry?  How do I unscrew it?

Alan SilvermanOwnerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
That sounds most like the user has gone to dodgy places, now has a severe virus, and it needs to be cleaned up (if, indeed, it can be cleaned up, because some viruses are too severe to clean up).

Get Malwarebytes and run it, see what it finds. Get a rootkit revealer (Microsoft System Internals) and run that. Then get a good AntiVirus suite (never free) and install that.

There is a reasonable chance you will have to re-install XP. XP is fine and will run everything above if it is virus-free. .... Thinkpads_User
If you think permissions generally may be an issue, you should be able to fix them like this:
Log in as an administrative user, open a command prompt, and try the following command (all one line).  I've added extra spaces for clarity.

secedit.exe  /configure  /db  Permissions.sdb  /cfg  "c:\windows\security\templates\setup security.inf"

This will reset file system permissions to what they should be.

The user's profile sounds a bit wrecked though so you may just want to make a new one.  If you log on as the unaffected administrative user, and then rename the dodgy profile under C:\Documents and Settings, then an entirely new fresh one will be created when that user next logs in.  Because the old profile folder was merely renamed, you can go into it and copy files out of the Documents, Desktop, Favorites folders etc and put them into the new profile folder structure.

You might want to have a look at Dial-A-Fix (XP only) as that can fix things like Windows Update and Windows Installer.
I think RogueKiller needs to be run before MBAM... (the original post said a full MBAM scan was done already and it didn't find anthing).

Can you start the Windows Firewall service?
Is the Security Center service running?
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Alan SilvermanOwnerAuthor Commented:
firewall and security center are running.
thinkpads_user I put on Avast free antivirus which has been better than any of the for-pay antiviruses I've found.  I've put it on dozens of computers. (Been burned too often by Norton and McAfee).  
running sophos anti-rootkit. gut feel is it won't find anything.  I'll also run sysinternals.  
cantoris, will try your solutions after sophos.
JohnBusiness Consultant (Owner)Commented:
Let us know. Avast is supposed to be decent, but consider using the paid version for better results. .... Thinkpads_User
Alan SilvermanOwnerAuthor Commented:
Made some progress.  I went into command prompt and did an "attrib -s -h -r" command on the original user folder, which couldn't be accessed before that.  Then I took all those files and put them into the new user that had been set up after whatever happened happened. This got the customer back to her old desktop/setup/permissions.  Happy customer. Now I only have one problem.  Every time I open control panel or my computer or any folder, windows installer flashes three times and disappears.  Must be linked to explorer.exe somehow.  But how to get rid of it?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Download Process Monitor and extract it to the desktop.

Close down all running apps.  Start Process Monitor.  Of the four selected icons at the right-hand end of the toolbar, deselect the last two selected ones.  Change the window size so you can see your desktop's "My Computer" icon as well as the Process Monitor window.
With Process Monitor active (and logging), press Ctrl-X to clear the display then immediately double-click your My Computer icon to reproduce the problem.  As quickly as possible, click the magnifying glass on the Process Monitor toolbar to stop logging.  Now maximise the window and look for the needles in the haystack!!  Look for any third party folders being accessed.  You'll probably be able to right-click a number of the listed Process Names and exclude them as being irrelevant.  Look out for anything from msiexec.

If you can spot any likely culprits this way then see if you can uninstall them - using the Windows Installer Cleanup if need be.  You might also want to use AutoRuns (from Sysinternals too) to spot any left over entries from the same app - eg in the Explorer section.
Alan SilvermanOwnerAuthor Commented:
Still haven't cleared out the windows installer message, but got everything else and the customer is happy.  Closing.
Alan SilvermanOwnerAuthor Commented:
Basic problem was solved by doing the attrib -s -h -r
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.